SOC 2 Academy Documentation of Inputs

Learn more at kirkpatrickprice.com/video/so...

When an organization pursues SOC 2 compliance, an auditor will verify that it complies with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there are additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the processing integrity category in its audit, it would need to comply with the additional criteria for processing integrity. Processing integrity criteria 1.5 says, “The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system specifications to meet the entity’s objectives.” Let’s take a look at why your organization needs documentation of inputs if you’re pursuing SOC 2 compliance.

As with the other criteria assessed during a SOC 2 audit, an auditor will want to see that an organization effectively documents how it inputs data, in order to determine whether the organization complies with processing integrity criteria 1.5. This means that organizations that include the processing integrity category will need to demonstrate that they have policies and procedures in place regarding how they store inputs. Why? Because if the integrity of processing activities is ever called into question, there needs to be a process and documentation readily available to verify when an action took place and who completed it.

Uploaded on September 17, 2020