SOC 2 vs Industry Frameworks

The five Trust Services Principles of SOC 2 overlap substantially with other industry frameworks such as ISO 27001, COBIT, the CSA Cloud Controls Matrix and PCI. All have a strong focus on security, availability of service, processing controls and, in some cases, privacy.

Service organizations and their users that have an interest in best practice need to know how these frameworks overlap and complement each other. At the very least, this allows comparability for users and reduces rework for service organizations.

Sources for SOC 2 vs Industry Frameworks

There is one key third-party summary of how SOC 2 meshes with other frameworks: the Cloud Security Alliance (CSA) Cloud Controls Matrix v3.0.

This Excel spreadsheet aligns and cross-references the CSA Cloud Controls with multiple frameworks, including SOC 2, which allows the user to match SOC 2 criteria to the other frameworks. While it is cloud-focused, it remains the best available mapping tool.

It currently maps to the 2009 version of the Trust Services Principles, and compares against COBIT 4.1, not COBIT 5.

The CSA Cloud Controls Matrix v3.0 can be downloaded from Rogers Carlisle or directly from the CSA.

Upcoming Rogers Carlisle Comparisons

We will be delivering specific framework comparisons when the new Trust Services Principles document is finalised in mid-2014.