Compliance

Firewall review for SOC 2

SOC 2 auditors look for evidence that network controls — including firewall rules — are reviewed and managed. FirewallScan automates that review and documents it for you.

firewallscan.eu/analysis
What the standard requires

What SOC 2 expects from your firewall

SOC 2 is built around the Trust Services Criteria, with Security (the Common Criteria) at its core. Several criteria address logical and network access — restricting it, configuring it securely, and reviewing it.

SOC 2 is evidence-driven. An auditor will ask how you control network access and how you know it stays correct. Being able to show regular, documented firewall reviews is a clear, defensible answer.

  • Restrict network access to what is necessary
  • Configure boundary protection securely
  • Demonstrate the controls operate over the audit period
Why it matters

Why firewall review supports SOC 2

SOC 2 is the de facto trust standard for SaaS and service providers, and network controls are squarely in scope.

Common Criteria (CC6)

Logical and physical access controls expect network access to be restricted and boundary protections in place.

Operating effectiveness

Type II reports require evidence that controls operated consistently across the whole period, not just once.

Customer trust

A clean SOC 2 with demonstrable firewall review accelerates enterprise sales and renewals.

How FirewallScan helps

Continuous evidence for a Type II report

Type II audits care about operating effectiveness over time — so a single annual firewall review is weak evidence. FirewallScan lets you review on a regular cadence and produces a documented report each time.

That cadence builds exactly the continuous trail a SOC 2 auditor wants: proof that firewall rules are reviewed and remediated consistently throughout the period.

  • Regular, documented reviews across the audit period
  • Findings, severity and remediation in every report
  • Strong evidence of control operating effectiveness
firewallscan.eu/analysis

Frequently asked questions

See FirewallScan on your own configuration

Book a 30-minute demo and watch FirewallScan analyze a FortiGate config in minutes — prioritized findings, remediation steps and an executive-ready report.