Skip to the main content.
Try GRC Playbook for free
Try GRC Playbook for free

SOC 2® for Service Organizations

SOC 2® Additional Criteria for Privacy

This library of SOC 2® for Service Organizations Playbooks provides a set of fully loaded and editable templates that represent the core of what is generally required to demonstrate compliance with the 2017 Trust Services Criteria for:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality, and
  • Privacy

They lay out in convenient and easily usable format, the control criteria established by the Assurance Services Executive Committee (ASEC) of the AICPA for use in attestation or consulting engagements to evaluate and report on controls over the security, availability, processing integrity, confidentiality, or privacy of information and systems (a) across an entire entity; (b) at a subsidiary, division, or operating unit level; (c) within a function relevant to the entity’s operational, reporting, or compliance objectives; or (d) for a particular type of information used by the entity.

Download the Playbook

Unlock access to a wealth of information.


What is the SOC 2® Additional Criteria for Privacy Playbook?

The SOC 2 Additional Criteria for Privacy Playbook addresses the following areas:

  • Notice and communication of objectives
  • Choice and consent
  • Collection
  • Use, retention, and disposal
  • Access
  • Disclosure and notification
  • Quality, and
  • Monitoring and enforcement



You Also Get

Policy Document Template

Policy Document Template

These templates are designed to be a starting point for your clients, which can be tailored for your client's specific organizational needs.

Overview Flow Charts

Overview Flow Charts

A diagrammatic representation of the flow of assessment activities within your playbook.



Our instructions for use. These are the same for all our playbooks, once you know how to use one, you can use them all.



A PowerPoint tutorial on the specific playbook, covering the most important aspects of this area of assessment.


One Subscription. 100+ Playbooks.

You know what your clients need, let us help you deliver.

Subscribe Now


Related Playbooks

SOC 2 Security (Common Criteria)

SOC 2 Additional Criteria for Processing Integrity

SOC 2 Additional Criteria for Availability

SOC 2 Additional Criteria for Confidentiality

SOC 2 Additional Criteria for Privacy

Based on Authoritative Sources


US Securities and Exchange Commission FRC FFIEC European Commission COSO

Sign up for our newsletter

and get the best of GRC Playbook straight to your inbox.