SOC 2
SOC 2 CC7.2: Security Event Monitoring Explained
Monitor system components for anomalies and security events, with alerts routed to personnel who can investigate and respond.
OFFICIAL REFERENCE (PARAPHRASED)
The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors. (AICPA TSC CC7.2)
Last reviewed: June 2026. Not legal or audit advice.
WHAT EVIDENCE SATISFIES THIS
- ✓ SIEM or logging platform configuration
- ✓ Alert routing and escalation procedure
- ✓ Sample alert investigation tickets
- ✓ Log retention policy aligned to risk
Cross-framework overlap
This control requirement also appears in:
See this control in your personalized checklist
Start free →See your readiness in 5 minutes
Answer a few questions and get a personalized, actionable checklist, free, no card.
Get your free checklist →