How Tricent helps your ISO27001 & SOC2 efforts and WHY you need Tricent!

Are you working on your ISO 27001 or SOC2 efforts? Find out how Tricent can help you.

By Tricent · May 27, 2024

Tricent is a logical access security software tool.

SOC2 Common Criteria 6.1

Managing Users with Logical Access Controls

The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.

Identifies and Manages the Inventory of Information Assets—The entity identifies, inventories, classifies, and manages information assets.

Restricts Logical Access—Logical access to information assets, including hardware, data (at rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components, is restricted using access control software and rule sets.

Complying with Common Criteria 6.1

When assessing an organization’s compliance with Common Criteria 6.1, an auditor will want to see that the organization has established protections through logical access controls by doing the following:

  • a) Creating an inventory of all information assets
  • b) Restricting logical access to all information assets
  • c) Identifying and authenticating users
  • d) Managing points of access
  • e) Managing access to information assets
  • f) Managing identification and authentication
  • g) Managing credentials for infrastructure software
  • h) Using encryption to protect data
  • i) Protecting encryption keys

Tricent compliance tool – points a, d, e

ISO27001

For externally shared files within GWS/MS, Tricent helps your organization achieve the following:

A.8.1.1 Inventory of assets

Information and other assets associated with information and information processing facilities shall be identified, and an inventory of these assets shall be drawn up and maintained.

Tricent’s functionalities address the critical aspects of ISO/IEC 27001’s A.8.1.1 requirement by helping organizations identify, maintain an inventory of, and protect their information assets, particularly those shared externally. Its automated and user-driven approach simplifies compliance, enhances data security, and supports effective information asset management, making it a valuable tool for organizations looking to comply with ISO 27001 standards.

A.8.1.2 Ownership of assets

Assets maintained in the inventory shall be owned.

Tricent’s features support the ISO/IEC 27001 requirement for asset ownership (A.8.1.2) by ensuring clear accountability for the assets shared externally. Through its auditing, control, and employee involvement features, Tricent promotes the assignment of ownership responsibilities, ensuring that all shared information and information processing facilities are accounted for and protected in line with the organization’s information security policies.

A.9.2.3 Management of privileged access rights

The allocation and use of privileged access rights shall be restricted and controlled.

A.9.4.1 Information access restriction

Access to information and application system functions shall be restricted in accordance with the access control policies.

Tricent revokes access to files for external users after the collaboration is over.

Tricent can assist in implementing access controls in accordance with ISO 27001 A.9.1.1.1 and A.9.1.1.2.

ISO/IEC 27001:2013 Information Security Management Systems

A.9 Access control

Calculate your digital footprint.

If you are concerned about your company’s exposure level, try our FREE RISK CALCULATOR and get a benchmark estimate of your exposure from external file sharing.
