Flow

SOC 2 · C1

C1 · Confidentiality

2 controls in this family.

SOC2-C1-DATA-CLASSIFICATION

Data Classification and Handling Policy

Policy defining data classification tiers (e.g., Public, Internal, Confidential, Restricted) and the handling requirements for each tier.

SOC2-C1-DATA-DISPOSAL

Data Retention and Secure Disposal Policy

Policy defining retention periods for each data type and procedures for secure disposal of data at end-of-life.

preventivemedium
Adopt

Data Classification and Handling Policy

Policy defining data classification tiers (e.g., Public, Internal, Confidential, Restricted) and the handling requirements for each tier.

C1.1

Testing: Annually

preventivemedium
Adopt

Data Retention and Secure Disposal Policy

Policy defining retention periods for each data type and procedures for secure disposal of data at end-of-life.

C1.2

Testing: Annually