SOC 2 Policies and Procedures of System Output (PI1.4)


Overview:
The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with specifications to meet the entity’s objectives.


Action Items:
1) Create an access control policy and related procedures, and publish them on the company intranet for employees to access and review.
2) Inspect the administrative access listings for the in-scope systems to determine that administrative access privileges to the centrally managed access control systems are restricted to user accounts accessible by authorized personnel.
3) Observe the error message of an incorrect password to determine that the system is configured to notify users when authentication fails.


Related Documents:
1) Access control policy
2) Administrative account inventory
3) Password configurations for in-scope systems
4) Error message for incorrect passwords

Additional Guidance:
The following points of focus highlight important characteristics related to this criterion:


1) Protects Output—Output is protected when stored or delivered, or both, to prevent theft, destruction, corruption, or deterioration that would prevent output from meeting specifications.
2) Distributes Output Only to Intended Parties—Output is distributed or made available only to intended parties.
3) Distributes Output Completely and Accurately—Procedures are in place to provide for the completeness, accuracy, and timeliness of distributed output.
4) Creates and Maintains Records of System Output Activities—Records of system output activities are created and maintained completely and accurately in a timely manner.

 



Article ID: 257
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/soc-2-policies-and-procedures-of-system-output-pi1-4-257.html