Overview:
The entity obtains or generates, uses, and communicates relevant, quality information regarding the objectives related to processing, including definitions of data processed and product and service specifications, to support the use of products and services.
Action Items:
1) Inspect the Company website to determine that the entity defines and identifies data required to support the use of the products and services.
Related Documents:
1) Evidence that the company website defines and identifies data required to support the use of the product(s) and service(s) provided.
Additional Guidance:
The following points of focus highlight important characteristics related to this criterion:
1) Identifies Information Specifications—The entity identifies information specifications required to support the use of products and services.
2) Defines Data Necessary to Support a Product or Service—When data is provided as part of a service or product or as part of a reporting obligation related to a product or service:
(1) The definition of the data is available to the users of the data
(2) The definition of the data includes the following information: The population of events or instances included in the data; The nature of each element (for example, field) of the data (that is, the event or instance to which the data element relates, for example, transaction price of a sale of XYZ Corporation stock for the last trade in that stock on a given day); Source(s) of the data; The unit(s) of measurement of data elements (for example, fields); The accuracy/correctness/precision of measurement; The uncertainty or confidence interval inherent in each data element and in the population of those elements; The date the data was observed or the period of time during which the events relevant to the data occurred; The factors in addition to the date and period of time used to determine the inclusion and exclusion of items in the data elements and population
(3) The definition is complete and accurate.
(4) The description of the data identifies any information that is necessary to understand each data element and the population in a manner consistent with its definition and intended purpose (meta-data) that has not been included within the data.
Article ID: 254
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/soc-2-quality-of-information-in-processing-data-pi1-1-254.html