
The C-I-A triad: SOC 2 Type II Controls and ISMS (Information Security Management System)

Updated: Feb 4, 2020


Confidentiality, Integrity and Availability, also known as the CIA triad, is a model designed to guide information security policy within an organization. ISO 27001 (formally ISO/IEC 27001:2013, which superseded the 2005 edition) is the specification for an information security management system (ISMS).


An ISMS is a framework of policies and procedures that covers all the legal, physical and technical controls involved in an organisation's information risk management process. A Service and Organization Controls (SOC) 2 report, by contrast, is an attestation based on the Trust Services Criteria. Like SOC 1 under SSAE 18, it can test and report on either the design of a service organization's controls at a point in time (Type I) or their operating effectiveness over a review period (Type II). Where SOC 1 addresses controls relevant to financial reporting, the SOC 2 report focuses on a business's non-financial controls as they relate to the security, availability, processing integrity, confidentiality and privacy of a system.


The SOC 2 Trust Services Criteria are modeled around four broad areas: Policies, Communications, Procedures and Monitoring. All criteria in scope must be met together to earn an unqualified opinion; there is no mechanism for leaving individual criteria out. An ISMS differs here: ISO/IEC 27001 lets the auditee exclude specific controls, provided the exclusion is justified in the Statement of Applicability. ISO/IEC 27001:2013 also treats outsourcing in depth, covering how a service organization that operates, collects, processes, transmits, stores, organizes, maintains and disposes of information on behalf of user entities must control that activity. SOC 2 was introduced to meet marketplace demand for assurance over non-financial controls and to stop SOC 1 being stretched beyond its financial-reporting purpose, as SAS 70 had been. LnC's consulting division provides complete know-how on the best and fastest way to implement these controls on the ground.


The SOC 2 Trust Services Criteria comprise five categories. They map closely onto the CIA triad that sits at the heart of an ISO/IEC 27001:2013 ISMS, with the Security category (the Common Criteria) required in every SOC 2 report and the other four selected according to the commitments the organization makes to its customers.


Each category has a specific set of defined criteria, listed below. LnC's Security and Compliance division helps organizations deliver information faster and more securely through a defined set of tools, policies, processes and procedures.


The five SOC 2 Trust Services Criteria categories are:

Security : Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.


Availability: Information and systems are available for operation and use to meet the entity’s objectives.


Processing integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.

Confidentiality: Information designated as confidential is protected to meet the entity's objectives.


Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

