SOC 2 Commitment to Integrity and Ethical Values (Principle 1) (CC1.1)

Overview:
The entity demonstrates a commitment to integrity and ethical values.


Action Items:
1) Create an employee code of business conduct and ethics policy and publish it to the company intranet for all employees to access and review.
2) Create an employee disciplinary policy that communicates to employees they may be terminated for noncompliance or nonconformity with a policy and/or procedure. Then, publish this on the company intranet for employees to access and review.
3) Inquire of the senior manager of compliance, or equivalent, to determine that employees are required to sign and acknowledge a confidentiality statement agreeing not to disclose proprietary or confidential information, including client information, to unauthorized parties.
4) Inspect the code of business conduct and ethics on the company intranet to determine that a code of business conduct and ethics is in place and communicated to employees.
5) Inspect the completed training documentation and evidence of management tracking for a sample of employees hired during the review period to determine that each sampled employee was required to review the Company code of conduct and completed trainings required for their position at the time of hire.
6) Inspect the completed background screening documentation for a sample of employees hired during the review period to determine that background screenings are performed for employees as a component of the hiring process for each employee sampled.


Related Documents:
1) Code of business conduct and ethics policy
2) Employee disciplinary policy
3) Completed training documentation
4) Evidence of tracking for completed training
5) Completed background screening documentation

Additional Guidance:
The following points of focus highlight important characteristics related to this criterion:


1) Sets the tone from the top: The board of directors and management, at all levels, demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control.
2) Establishes standards of conduct: The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity's standards of conduct and understood at all levels of the entity and by outsourced service providers and business partners.
3) Evaluates adherence to standards of conduct: Processes are in place to evaluate the performance of individuals and teams against the entity's expected standards of conduct.
4) Addresses deviations in a timely manner: Deviations from the entity's expected standards of conduct are identified and remedied in a timely and consistent manner.
5) Considers contractors and vendor employees in demonstrating its commitment: Management and the board of directors consider the use of contractors and vendor employees in its processes for establishing standards of conduct, evaluating adherence to those standards, and addressing deviations in a timely manner.