SOC 2 CC6.1: Logical Access Controls Explained
Restrict logical access to systems and data so only authorized personnel can access protected information assets, with documented policies and periodic review.
OFFICIAL REFERENCE (PARAPHRASED)
The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events. (AICPA Trust Services Criteria CC6.1)
Last reviewed: June 2026. Not legal or audit advice.
WHAT EVIDENCE SATISFIES THIS
- ✓ Access control policy with annual review approval
- ✓ Identity provider configuration showing role-based access
- ✓ Quarterly access review log with manager attestation
- ✓ User provisioning and deprovisioning records
Cross-framework overlap
This control requirement also appears in: