Security (CC 1–9): 72% Partial
Availability (A 1.1–1.3): 85% Good
Processing Integrity (PI 1.1–1.5): 60% Partial
Confidentiality (C 1.1–1.2): 70% Partial
Privacy (P 1–8): 45% Missing

Status legend: Control in place / Partial / Missing
SECURITY — EXISTING CONTROLS

CC 6.1 — Logical Access Controls
  JWT-based authentication + RBAC
  Identity-core with role-based permissions

CC 6.6 — Encryption in Transit
  TLS 1.3 on all endpoints
  Nginx + ALB termination, HTTPS enforced

CC 7.2 — Monitoring & Alerting
  OTEL + Prometheus + watchdogs
  Continuous monitoring, integrity-watchdog.sh

CC 6.7 — Encryption at Rest
  Partial — AWS EBS encrypted, MinIO not verified
  MinIO server-side encryption not configured

GAP
CC 9.2 — Vendor Management
  Missing — no formal vendor assessment
  OpenAI, Anthropic, Twilio, AWS not risk-assessed
AVAILABILITY — CONTROLS

A 1.1 — Availability Commitments
  Watchdogs + auto-restart
  amos-watchdog.sh, gateway-watchdog.sh, health-check.sh

A 1.2 — Environmental Protections
  AWS EC2 multi-AZ + MinIO backup
  rclone sync, daily-backup.sh (AMOS-101)

A 1.3 — Recovery
  Partial — backup exists, RTO/RPO not defined
  Backup-restore-test.sh lacks an SLA definition
PRIVACY — MISSING CONTROLS (GAPS)

P 1 — Privacy Notice
  Missing — no public privacy policy
  Needed for GDPR + SOC 2

P 4 — Data Retention
  Missing — no documented retention policy
  Where is data stored? For how long? Who purges it?

P 8 — Individual Rights
  Missing — no DSAR process
  Data Subject Access Request handling needed
POLICIES & DOCUMENTATION

SOC 2 Readiness Report
  /opt/amos/data/policies/soc2-readiness.md

Information Security Policy
  Needs to be created — see soc2-readiness.md

Incident Response Plan
  Needs to be created