A SOC 2 requirement is to have a confidential reporting channel available to employees and external users to report security, confidentiality, integrity, and availability concerns. This requirement is typically met by posting an email on your security page and directing users to email you at security@[domain].com.
If your company uses GSuite, we recommend creating a simple Google Group or an alias for your engineering team. An example of a security email is security@secureframe.com or an equivalent.
Comments
0 comments
Article is closed for comments.