SOC 2 Common Criteria 7.4 Incident Containment and Remediation

The SOC 2 Audit Reports provide documentation to help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 CC7.4 Incident Containment and Remediation report describes how to access vulnerability and threat response reporting features in the Alert Logic console that help demonstrate compliance with Common Criteria (CC) 7.4.

To access the SOC 2 CC7.4 Incident Containment and Remediation report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under SOC 2 Audit, click VIEW.
  4. Click SOC 2 CC7.4 Incident Containment and Remediation.

The report summary page displays two columns. Points of Focus lists points of focus, specifically related to all engagements using the trust services criteria, that highlight important characteristics relating to CC7.4. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that can demonstrate compliance with each point of focus.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides access to your Incident Notification contacts, security incidents, vulnerability variance reports, and incident reports that help you demonstrate compliance with CC7.4. This criterion requires the entity to demonstrate that logical access security measures are implemented to protect against threats from sources outside its system boundaries.

Assigns Roles and Responsibilities

The Assigns Roles and Responsibilities point of focus requires you to demonstrate that roles and responsibilities for the design, implementation, maintenance, and execution of the incident response program are assigned, including the use of external resources when necessary.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Contains Security Incidents

The Contains Security Incidents point of focus requires you to demonstrate that procedures are in place to contain security incidents that actively threaten entity objectives.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Requires Additional Authentication or Credentials

The Requires Additional Authentication or Credentials point of focus requires you to demonstrate that additional authentication information or credentials are required when accessing the system from outside its boundaries.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Mitigates Ongoing Security Incidents

The Mitigates Ongoing Security Incidents point of focus requires you to demonstrate that procedures are in place to mitigate the effects of ongoing security incidents.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Ends Threats Posed by Security Incidents

The Ends Threats Posed by Security Incidents point of focus requires you to demonstrate that procedures are in place to end the threats posed by security incidents through closure of the vulnerability, removal of unauthorized access, and other remediation actions.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Restores Operations

The Restores Operations point of focus requires you to demonstrate that procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Develops and Implements Communication Protocols for Security Incidents

The Develops and Implements Communication Protocols for Security Incidents point of focus requires you to demonstrate that protocols for communicating security incidents and actions taken to affected parties are developed and implemented to meet the entity's objectives.

This section provides you with a link for quick access to a list of Incident Notification contacts for your organization in the Alert Logic console.

Obtains Understanding of Nature of Incident and Determines Containment Strategy

The Obtains Understanding of Nature of Incident and Determines Containment Strategy point of focus requires you to demonstrate that an understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach.

This section provides you with a link for quick access to threat responses in the Incidents page to review security incidents detected in your environment and actions taken in response.

Remediates Identified Vulnerabilities

The Remediates Identified Vulnerabilities point of focus requires you to demonstrate that identified vulnerabilities are remediated through the development and execution of remediation activities.

This section provides you with a link for quick access to the Vulnerability Variance Reports in the Alert Logic console, where you can review summary, trending, and detailed lists for new, resolved, and unresolved vulnerabilities in your environment.

Communicates Remediation Activities

The Communicates Remediation Activities point of focus requires you to demonstrate that the remediation activities are documented and communicated in accordance with the incident response program.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Evaluates the Effectiveness of Incident Response

The Evaluates the Effectiveness of Incident Response point of focus requires you to demonstrate that the design of incident-response activities is evaluated for effectiveness on a periodic basis.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Periodically Evaluates Incidents

The Periodically Evaluates Incidents point of focus requires you to demonstrate that management periodically reviews incidents related to security, availability, processing integrity, confidentiality, and privacy, and identifies the need for system changes based on incident patterns and root causes.

This section provides you with a link for quick access to Incident Analysis in the Alert Logic console, where you can review summary, distribution, and trending data for security incidents detected across your environment.