CC6
SOC 2 Trust Services Criteria
The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives.
Policies satisfying this criterion
- Acceptable Use Policy Last reviewed Jan 01, 2026