SOC 2 Academy
How can your organization prove that it provides a secure service? How can you build a business based on information security and cybersecurity best practices? SOC 2 audits help organizations address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security, availability, processing integrity, confidentiality, and privacy of a system. There’s a lot to understand about SOC 2 audits, especially when considering the ever-changing threat landscape, but KirkpatrickPrice is here to help.
In this series, Joseph Kirkpatrick will walk you through elements of SOC 2 audits and reporting by discussing the common criteria. You will learn about communication skills, the Trust Services Criteria, risk management, monitoring practices, assigning responsibilities, incident response plans, and more. Choose a video below to begin learning about SOC 2 audits.
SOC 2 Academy: Documentation of Inputs
By Joseph Kirkpatrick
When an organization pursues SOC 2 compliance, an auditor will verify that it complies with the common criteria listed in the 2017 Trust Services Criteria. Beyond the common criteria, though, there are additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the processing integrity category in its audit, it would need to comply with the additional criteria for processing integrity. Processing integrity criteria 1.5 says, “The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system specifications to meet the entity’s objectives.” Let’s take a look at why your organization needs documentation of inputs if you’re pursuing SOC 2 compliance.