SOC 2 Common Criteria 7.3 Incident Detection and Response

The SOC 2 Audit Reports provide documentation to help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 CC7.3 Incident Detection and Response report describes how to access security event and threat response reporting features in the Alert Logic console that help demonstrate compliance with Common Criteria (CC) 7.3.

To access the SOC 2 CC7.3 Incident Detection and Response report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under SOC 2 Audit, click VIEW.
  4. Click SOC 2 CC7.3 Incident Detection and Response.

The report summary page displays two columns. Points of Focus lists the points of focus that apply to all engagements using the trust services criteria and that highlight important characteristics relating to CC7.3. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that can demonstrate compliance with each point of focus.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides access to data about the security events and security incidents detected across your environment, which helps you demonstrate compliance with CC7.3. This criterion requires that the entity evaluates security events to determine whether they could result, or have resulted, in a failure of the entity to meet its objectives (security incidents) and, if so, takes action to prevent or address such failures.

Responds to Security Incidents

The Responds to Security Incidents point of focus requires you to demonstrate that procedures are in place for responding to security incidents and evaluating the effectiveness of those policies and procedures on a periodic basis.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Communicates and Reviews Detected Security Events

The Communicates and Reviews Detected Security Events point of focus requires you to demonstrate that detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary.

This section provides you with a link for quick access to the Event Analysis in the Alert Logic console where you can review summary, distribution and trending data for security events detected from monitored logs across your environment.

This section also provides you with a link for quick access to threat responses in the Incidents page to review security incidents detected in your environment and actions taken in response.

Develops and Implements Procedures to Analyze Security Incidents

The Develops and Implements Procedures to Analyze Security Incidents point of focus requires you to demonstrate that additional authentication information or credentials are required when accessing the system from outside its boundaries.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.