SOC 1 - Preparing & Reviewing the System Description: How To Streamline The Audit Process?

March 17, 2014

When issuing a SOC 1 report, the system description is the basis for the controls that the auditors test.

Preparing and reviewing the system description with key stakeholders, including members of management, IT, HR, and in-house council, is a beneficial exercise for SOC 1 preparation. The sooner a review is performed, the sooner the benefits of the review can be realized.

Benefits to the service organization / audit include:
  • Awareness of the SOC 1 subject matter by key stakeholders, management, legal and other interested parties.
  • Identification of any necessary scope, control objective, control activity or other report changes that should be reflected in the current year report.
  • Consideration of issues identified in prior year reports (as applicable) and the impact of these issues on the system description.
  • Identification and addition of user entity control considerations and non-key controls to the system description.
  • Improvement of the usability and clarity of the system description.
Have a question? Fill out the form at the bottom of the page.

Previous Article
The Persisting Challenges of SOC 2 Reporting
The Persisting Challenges of SOC 2 Reporting

via The Data Center Journal Increasing concerns regarding information security have heightened scrutiny of ...

Next Article
Microsoft Uses SOC 2 To Demonstrate CSA CCM Compliance
Microsoft Uses SOC 2 To Demonstrate CSA CCM Compliance

Via Data Center Knowledge SOC 2 reporting is still in its infancy stages. However, since its introduction i...