AGILE APPROACH TO THE IMPLEMENTATION OF THE METHODOLOGY OF DATA COLLECTION, PROCESSING, STORAGE AND CLASSIFICATION IN ACCORDANCE WITH SOC2 TYPE2 REQUIREMENTS

DOI: 10.31673/2409-7292.2025.030637

Authors

  • О. Р. Дейнека, (Deineka O.R.) Information Security Department, Lviv Polytechnic National University
  • О. І. Гарасимчук, (Harasymchuk O.I.) Information Security Department, Lviv Polytechnic National University

Abstract

This paper considers issues of compliance with the SOC 2 Type 2 standard when managing data in cloud environments.
The work focuses on key aspects such as building a Medallion architecture, implementing access control, and
automating data classification processes. It finds that one of the main challenges is the complexity of integrating SOC 2
with Agile processes and the high barrier to entry for organizations without deep expertise in AI and DevOps. In addition,
risks arise from the shortcomings of traditional classification methods, which do not always take the
semantic context into account and require significant resources to scale. It is also important to take into account the risks associated with
inconsistent encryption policies and the lack of effective monitoring. The use of LLM models integrated into Microsoft
Azure Fabric makes it possible to automate classification, increase the accuracy of entity detection, and provide multi-level access
control. The proposed architecture combines the flexibility of Agile with the strictness of the SOC 2 Type 2 regulatory
requirements, which ensures constant compliance with the standard even in dynamic environments. Additionally, the use of the
Scrum approach allows for incremental implementation of architecture components with regular auditing and process
transparency. Based on the most common problems that companies face when preparing for a SOC 2 audit, the main threats and
ways to minimize them were analyzed. The study considered both technological aspects (ETL, OneLake, Power BI, Data
Activator) and organizational ones (role distribution, sprint management). The analysis showed that the key difficulties are
associated with ensuring continuous monitoring, compliance with access policies and audit transparency. Taking these
challenges into account, recommendations have been developed for implementing databases on Azure Fabric and Azure AI
Foundry using Agile practices. Using iterative approaches, regular testing of controls, and integration of automated tools can
significantly reduce the risk of SOC 2 Type 2 non-compliance. In addition, an organization can improve data management
efficiency and build customer trust through process transparency, continuous auditing, and adaptive architecture.
Keywords: SOC 2 Type 2, Agile, Scrum, Microsoft Azure, Medallion Architecture, OneLake, Fabric Data Factory,
Power BI, Data Activator, LLM, data classification, encryption, auditing, access control.

Published

2025-10-22

Section

Articles