Due Diligence and Ongoing Monitoring

 View Only

  • 1.  SOC Reports: When Vendors Do Not Have One

    This message was posted by a user wishing to remain anonymous
    Posted 12 hours ago
    This message was posted by a user wishing to remain anonymous

    What is acceptable documentation in leu of a SOC report when a vendor does not have a SOC, such as a privately owned business?



    -------------------------------------------


  • 2.  RE: SOC Reports: When Vendors Do Not Have One

    Posted 11 hours ago
    We generally include the following in our document requests:
    "If you prefer not to disclose some of the requested documentation, please provide a written explanation so that we may provide it to our regulators."