SOC 2 Academy Quality and Accuracy of Your Data

Learn more at kirkpatrickprice.com/

 

While the security category applies to all organizations pursuing SOC 2 compliance, whether or not you should include additional categories depends on the type of services you offer. If your organization provides services to your clients that rely on the quality and accuracy of the data that is processed and output for those clients, you would need to include the processing integrity category in your SOC 2 audit.

The processing integrity category asks whether or not a service organization’s processing services are provided in a complete, accurate, and timely manner. To comply with this category, or more specifically, processing integrity criteria 1.1, service organizations should use the following two points of focus relating to the quality and accuracy of data:

1. Entities should identify information specifications that are required to support the use of products and services.

2. Entities should define data necessary to support a product or service.

Let’s say that an auditor is verifying compliance with processing integrity criteria 1.1. The organization in question is an employee benefits service provider that provides reports its clients rely upon. The auditor will want to see that the organization defines the data that’s used in the report, which could be done by providing the source of the data, the date range of the data used to produce the report, or how the data was calculated. Whichever way organizations decide to define the data, ensuring the quality and accuracy of data is critical to complying with the processing integrity category.

Uploaded on September 17, 2020