SOC 2 Knowledge Hub SOC 2 CC1: Common Criteria related to the Control Environment SOC 2 CC2: Common Criteria related to Communication and Information SOC 2 CC3: Common Criteria related to Risk Assessment SOC 2 CC4: Common Criteria related to Monitoring Activities SOC 2 CC5: Common Criteria related to Control Activities SOC 2 CC6: Common Criteria related to Logical and Physical Access SOC 2 CC7: Common Criteria related to System Operations SOC 2 CC8: Common Criteria related to Change Management SOC 2 CC9: Common Criteria related to Risk Mitigation SOC 2 Availability Criteria Articles that We’ve Written What is the Hardest Part of Passing Your First Audit? Third Party Vendor Management: What You Need to Know SOC 1 vs. SOC 2: What is the Difference? Explained: Security Incident Response Plan Bridge Letter: Things You Should Know Explained: Microsoft’s SSPA Program