
Include compliance requirements in the audit assertion's in scope system description.


CONTROL ID: 16506
CONTROL TYPE: Audits and Risk Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an in scope system description. (CC ID: 14873)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Do the principal service commitments and system requirements include compliance with legal requirements or contractual agreements? For example, if user entities are required by law to comply with the GDPR, these requirements are often included in the service-level agreements that they have with the … (¶ 2.70 Bullet 3 ¶ 1, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Because CSOCs are necessary, in combination with the service organization's controls, to provide reasonable assurance that certain service commitments and system requirements are achieved based on the applicable trust services criteria, it is important that the description also include the subservic… (¶ 3.71, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)