The controls used by the Business are assessed under this theory including the collection, use, disclosure, retention and disposal of such details in accordance with their Privateness Policy and the standards established forth inside the AICPA’s generally accepted privateness concepts (GAPP). The security incident response program is likewise evaluated in https://www.nathanlabsadvisory.com/blog/nathan/achieving-soc-2-compliance-a-crucial-step-towards-data-security/