Include the responsible party for performing the control in the audit assertion's in scope system description.

CONTROL ID
14907

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

This Control directly supports the implied Control(s):

Include a section regarding in scope controls related to the system in the audit assertion's in scope system description., CC ID: 14897

There are no implementation support Controls.

Who: The party responsible for performing the control (Table 3-1 Column 1 Row 3, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
Who: The party responsible for performing the control (Table 3-2 Column 1 Row 3, SOC 2Â® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
As discussed in chapter 2, CUECs are controls that are necessary, in combination with the service organization's controls, to provide reasonable assurance that the service organization's service commitments and system requirements were achieved based on the applicable trust services criteria. When t… (¶ 3.53, SOC 2Â® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
By whom or by what means the control was applied (Is the control automated or manual? Has there been high turnover of the personnel in the position that performs the control, and is the control being performed by an inexperienced person?) (¶ 3.128 a.iii., SOC 2Â® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)