ITIL as a Component for Methodology Collecting, Processing, Storing, and Classifying Data in Accordance With SOC2 Type2 Requirements

2025; pp. 50-59

1, 2: Lviv Polytechnic National University, Information Protection Department, Ukraine

In a world where the amount of electronic data is growing at a rapid pace every day, businesses face a new challenge: how to maintain control over information, make it secure, yet at the same time accessible and useful. The authors of the article see the answer to this question in the implementation of an ITSM component that ensures compliance with the international SOC 2 Type 2 standard. This standard is a kind of “trust mark” for companies, as it confirms their ability to guarantee data security, confidentiality, and integrity.

A key element of the proposed methodology is data classification – a process that allows organizations to identify the most sensitive data and determine the appropriate level of protection. On this basis, a comprehensive information management system is built, which includes data collection, processing, storage, incident response, and access control. Importantly, the approach integrates the best practices of ITSM and ITIL: incident management, change management, knowledge management, and access management, thereby creating a transparent and controlled ecosystem.

Special emphasis is placed on the use of automation and intelligent technologies – from large language models for data analysis to ETL processes that ensure information hygiene. The methodology also introduces important roles such as data owner and data steward, who are responsible for accuracy, relevance, and compliance with SOC 2 Type 2 standards. The proposed approach not only reduces risks and ensures regulatory compliance but also increases client and partner trust while strengthening the culture of security within the organization. Despite challenges – such as the need for continuous monitoring and balancing between convenience and security – the methodology demonstrates how a properly implemented ITSM component can become a strategic advantage for business in the era of digital transformation.
