Chapter 1 - SOC PLANNING AND PERFORMING Flashcards
What is SOC for Cybersecurity?
An examination that describes an entity's cybersecurity risk management program and related controls.
What are the five Trust Services categories?
Security, Availability, Processing Integrity, Confidentiality, Privacy
Why is disclosure important for subsequent events?
It is required so users of the report are not misled
Where is the disclosure presented in the SOC report?
In the description of the company's system or in management's assertion
Who determines if disclosure is needed if there is a subsequent event? What should the auditor do?
The auditor should request that management evaluate the breach and determine if a disclosure is needed.
Who are the intended users of a SOC 1?
User auditor, user entities, and service org management
What does NIST Cybersecurity Framework Profile do?
Identifies the outcomes a company has prioritized to remediate control gaps
What method does the subcompany have to provide a management representation letter? What do they both contain?
Inclusive (not carved out) and a description of the subcompany's services
What are you called if a company retains responsibility for controls and monitors you?
A vendor
What should an auditor do if a subsequent event becomes known?
Perform additional procedures
What is used to measure or evaluate management's description of the system?
AICPA DC Section 200, Description Criteria
What criteria are used to prove controls were designed, implemented, and operated to provide assurance?
AICPA TSP Section 100, Trust Services Criteria
How does an auditor determine materiality?
-Misstatements
-qualitative and quantitative factors
-the circumstances, nature, size, and extent of misstatements