Sufficient Controls
SOC reports should be reviewed to verify that your vendor has sufficient controls in place to protect their systems.
Review during residual risk determination, vendor selection, contract management, and ongoing monitoring.
When to review
A SOC report is an independent audit report performed by a certified public account (CPA).
Independent