Security policy distributed and acknowledged by every staff member

SOC2.CC2.COMMS · GLOBAL · operational_security

Severity

medium

Cadence

monthly

Region

global

Current status (Apollo Gaming Ltd.)

not evaluated

Requirement

Security and acceptable-use policies are documented, published in the employee handbook, distributed to new hires within 7 days of start, and acknowledged in writing.

Source: AICPA TSC — CC2 Communication & Information

Evidence specification

Evidence type Connector Spec Acceptance criteria

Evidence type	Connector	Spec	Acceptance criteria
`doc_presence`	`doc-sharepoint`	{ "path": "/policies/security-policy.pdf", "required_fields": [ "version", "last_reviewed_at" ] }	—
`training_record`	`hr-bamboohr`	{ "type": "security_policy_acknowledged", "required_fields": [ "employee_id", "acknowledged_at", "hired_at" ] }	`acknowledged_at - hired_at <= 7 days for every staff member`

doc_presence

doc-sharepoint

{
  "path": "/policies/security-policy.pdf",
  "required_fields": [
    "version",
    "last_reviewed_at"
  ]
}

—

training_record

hr-bamboohr

{
  "type": "security_policy_acknowledged",
  "required_fields": [
    "employee_id",
    "acknowledged_at",
    "hired_at"
  ]
}

acknowledged_at - hired_at <= 7 days for every staff member

Recent evaluations (Apollo Gaming Ltd.)

No evaluation history for this control yet.