Back

Include roles and responsibilities in the audit assertion's in scope system description.


CONTROL ID
16558
CONTROL TYPE
Audits and Risk Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an in scope system description., CC ID: 14873

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Because CSOCs are necessary, in combination with the service organization's controls, to provide reasonable assurance that certain service commitments and system requirements are achieved based on the applicable trust services criteria, it is important that the description also include the subservic… (¶ 3.71, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)