Overview:
The entity implements policies and procedures over system inputs, including controls over completeness and accuracy, to result in products, services, and reporting to meet the entity’s objectives.
Action Items:
1) Inspect an example new account creation to determine that the application is configured to automatically perform edit checks on data entered during the account creation process so that new application accounts are set up according to the company’s input requirements.
2) Inspect the monitoring application configuration and user listing to determine that access to logs are appropriately restricted to authorized personnel.
Related Documents:
1) New user account configurations
2) User activity log monitoring configurations
3) Inventory list of users with access to user activity logs
Additional Guidance:
The following points of focus highlight important characteristics related to this criterion:
1) Defines Characteristics of Processing Inputs—The characteristics of processing inputs that are necessary to meet requirements are defined.
2) Evaluates Processing Inputs—Processing inputs are evaluated for compliance with defined input requirements.
3) Creates and Maintains Records of System Inputs—Records of system input activities are created and maintained completely and accurately in a timely manner.
Article ID: 255
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/soc-2-policies-and-procedures-of-system-inputs-pi1-2-255.html