Policy, Program and Procedures

Hi,

Does anyone have a procedure that assists Vendor Owners with filling out their own CUECs?  For example, for each line item in the CUEC's generally the responses refer to a policy or a procedure.  I am struggling with assistance from Vendor Owners on this.  I do have a procedure in place listing the purpose/importance of answering the CUECs along with answering via policy/procedure and if not, determine where it needs to be added or created.. 

What are others doing to assist with this issue?

Thanks,

Kelli

Hi,

Does anyone have a procedure that assists Vendor Owners with filling out their own CUECs?  For example, for each line item in the CUEC's generally the responses refer to a policy or a procedure.  I am struggling with assistance from Vendor Owners on this.  I do have a procedure in place listing the purpose/importance of answering the CUECs along with answering via policy/procedure and if not, determine where it needs to be added or created.. 

What are others doing to assist with this issue?

Thanks,

Kelli

Good morning,

 

This is a template that I have used as an auditor for the mapping of a SOC 2, in this example the sub-service organization is Workday.  The CUEC tab I map to Company ABC internal controls to the CUECs in Workday's listing of CUECs seen in the report.

 

Hope this helps!

 

Donna

 

Donna Wilson | Security and Compliance Manager Navigate Wellbeing Solutions   |

 

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or may otherwise be protected by law. Any unauthorized review, use, disclosure, or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and any attachment thereto.

 

 

Original Message:
Sent: 6/20/2024 7:39:00 AM
From: Kelli Shoup
Subject: CUEC Department Procedures

Hi,

Does anyone have a procedure that assists Vendor Owners with filling out their own CUECs?  For example, for each line item in the CUEC's generally the responses refer to a policy or a procedure.  I am struggling with assistance from Vendor Owners on this.  I do have a procedure in place listing the purpose/importance of answering the CUECs along with answering via policy/procedure and if not, determine where it needs to be added or created.. 

What are others doing to assist with this issue?

Thanks,

Kelli

Original Message:
Sent: 6/20/2024 8:56:00 AM
From: Donna Wilson
Subject: RE: CUEC Department Procedures

Good morning,

 

This is a template that I have used as an auditor for the mapping of a SOC 2, in this example the sub-service organization is Workday.  The CUEC tab I map to Company ABC internal controls to the CUECs in Workday's listing of CUECs seen in the report.

 

Hope this helps!

 

Donna

 

Donna Wilson | Security and Compliance Manager Navigate Wellbeing Solutions   |

 

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or may otherwise be protected by law. Any unauthorized review, use, disclosure, or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and any attachment thereto.

 

 

Original Message:
Sent: 6/20/2024 7:39:00 AM
From: Kelli Shoup
Subject: CUEC Department Procedures

Hi,

Does anyone have a procedure that assists Vendor Owners with filling out their own CUECs?  For example, for each line item in the CUEC's generally the responses refer to a policy or a procedure.  I am struggling with assistance from Vendor Owners on this.  I do have a procedure in place listing the purpose/importance of answering the CUECs along with answering via policy/procedure and if not, determine where it needs to be added or created.. 

What are others doing to assist with this issue?

Thanks,

Kelli