Reviewing a vendor’s SOC report is an important activity that gives insight into the vendor’s control environment. These controls will have certain objectives, some of which can only be achieved through applying CUECs. Your organization is solely responsible for implementing CUECs. By identifying, reviewing, and mapping vendor CUECs, your organization can ensure the right controls are implemented.