As part of your vendor management program, you should be asking many of your vendors for a copy of their SOC audit report, especially your critical or high risk vendors.
To help guide you and your team in reading and understanding these complex reports, we've put together a step by step guide that breaks down the SOC report into easy to comprehend elements.
Download the eBook for:
- Why do you need your vendor's SOC audit report?
- Do you need their SOC 1, SOC 2 or both?
- Scope: Is your product/service covered in this report?
- What you need to know when reviewing the narrative and the controls sections
- What are the complementary user entity controls and the associated risk?
