Ready-to-use, prioritized SOC 2 Type 2 requirements, to:
Facilitate, with the involvement of IT, Software Development, Architecture and Security, the review of vendor systems, vendor applications, and cloud applications that process data, checking for security and effective controls, including identifying risks to the organization's information assets and methods to minimize those risks.
- Do you have a documented list of pre-approved cloud-based services that are allowed for the use and storage of organization business data via a mobile device?
- Does your organization have an asset management system to track software installed?
- Do you have a third-party risk management program that monitors the performance of service providers?
- What difference does it make if management has strong entity-level IT-related controls?
- What difference does it make if management has weak entity-level controls?
- How does the service auditor determine whether management has a reasonable basis for its assertion?
- Do you have detective and preventative controls on the device or via a centralized device management system which prohibit the circumvention of built-in security controls?
- Is system performance monitored and tuned in order to continuously meet regulatory, contractual and business requirements for all the systems used to provide services to the tenants?
- Do your data management policies and procedures address tenant and service-level conflicts of interest?
- What database management system is the application data stored in?