CC6.3 - Role-Based Access

CC6 SOC 2 Trust Services Criteria
The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives.

Policies satisfying this criterion