Compliance
Controls
423 controls · auto-mapped to your active frameworks by EIGEL AI.
| Control ID | Control | Owner | Source | Framework mapping | Tests | ||
|---|---|---|---|---|---|---|---|
| AST-1 | Asset disposal procedures utilized The company has electronic media containing confidential information purged or destroyed in accordance with best… | LCLaurie Cain | EEIGEL GRC | SOC 2 · CC 6.5 | 2/3 | ||
| AST-2 | Data retention procedures established The company has formal retention and disposal procedures in place to guide the secure retention and dis… | WDWill Dean | EEIGEL GRC | SOC 2 · CC 5.3 | 2/2 | ||
| AST-3 | Production inventory maintained The company maintains a formal inventory of production system assets. | LCLaurie Cain | EEIGEL GRC | SOC 2 · CC 6.1 | 2/3 | ||
| ACC-1 | Access provisioning approved Access to production systems is approved by an authorized manager prior to grant. | APAmy Prawnson | Okta | SOC 2 · CC 6.2 | 3/3 | ||
| ACC-2 | Quarterly access reviews performed Quarterly access reviews are conducted to validate appropriate access levels. | APAlejandro Petit | Okta | SOC 2 · CC 6.3 | 1/2 | ||
| ENC-1 | Data at rest encrypted Customer data is encrypted at rest with AES-256. | AMAmanda Mott | AWS | ISO 27001 · A.10.1 | 2/2 | ||
| ENC-2 | TLS enforced in transit All public endpoints require TLS 1.2 or higher. | WDWill Dean | Cloudflare | SOC 2 · CC 6.7 | 1/1 | ||
| VUL-1 | Vulnerability scans run weekly Production infrastructure is scanned for vulnerabilities weekly with remediation SLAs. | APAmy Prawnson | Snyk | PCI DSS · 11.3 | 0/2 |
