-3

Or Windows 11 pre-release, just cause I'm curious?

(By employees if that wasn't implicit.)

Polynomial
  • 132,208
  • 43
  • 298
  • 379
Gideon Felt
  • 1
  • 1
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Sep 17 '21 at 04:21

1 Answers1

3

SOC 2 does not prescribe any specific operating system, or explicitly prohibit the use of pre-release software. It is much more focused on organisational security practices than specific details like that.

What a compliance assessor would almost certainly want to know is:

  • What is your specific justification for using Windows 10 Insider or Windows 11 Pre-Release, instead of a supported build?
  • What data is being handled by these systems? What customer information do they have access to?
  • What risk assessments have you made about the use of these systems, given their role and level of access to sensitive data?
  • What compensating controls have you implemented in order to mitigate those risks?
  • If this is a temporary measure, what is your plan for migrating off of insider/beta/pre-release software?

If you can answer those questions in a satisfactory manner, you'll almost certainly be fine.

Polynomial
  • 132,208
  • 43
  • 298
  • 379