Back

Include the time frame covered by the description in the audit assertion's in scope system description.


CONTROL ID
14884
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an in scope system description., CC ID: 14873

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Paragraph .A1 of AT-C section 105 states that the subject matter of an attestation examination may be "as of a point in time" or "for a specified period of time." Service organization management is responsible for determining the time frame to be covered by the description of the service organizatio… (¶ 1.24, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • A description of the service organization's system, the function performed by the system, and the period to which the description relates (Table 4-3 Column 3 Row 4 ¶ 1(1), Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Service organization management is responsible for identifying the specific subject matter to be examined, including the components of the system used to provide the service and the boundaries of that system. Service organization management is also responsible for establishing its service commitment… (¶ 1.22, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Paragraph .A1 of AT-C section 105 states that the measurement or evaluation of conditions or events addressed by an attestation examination may be "as of a point in time" or "for a specified period of time." Service organization management is responsible for determining the time frame to be covered … (¶ 1.39, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • A description of the service organization's system, the function performed by the system, and the period to which the description relates (Table 4-3 Column 3 Row 4 ¶ 2 1., SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)