Include the nature of each incident in the audit assertion's in scope system description.

CONTROL ID
14889

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

This Control directly supports the implied Control(s):

Include a section regarding incidents related to the system in the audit assertionâs in scope system description., CC ID: 14878

There are no implementation support Controls.

Nature of the incident (¶ 3.33 Bullet 1, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
Nature of the incident (¶ 3.40 Bullet 1, SOC 2Â® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
In performing procedures, the service auditor may become aware of a system incident that has affected a system of the service organization that is not the system under examination. For example, the service organization may experience a breach in an IT system that is not a component of the system und… (¶ 3.185, SOC 2Â® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)