This would be a great question for your chosen audit firm, as a good audit partner is there for you not just during the audit, but in preparing for it as well. This is another reason why having a readiness assessment is a great thing to do prior to your first SOC audit, as your audit partner will guide you through control design and what evidence they'll be looking for once your audit period begins. That said, in this context two of the areas you'll want to focus on are your vendor's Complementary User Entity Controls and how you're satisfying the applicable ones, and understanding what critical controls you rely on your vendors to perform on your behalf that are in scope of the SOC audit (Complementary Subservice Organization Controls), and that your vendor did not have any exceptions, especially around those controls.
Original Message:
Sent: 09-03-2021 04:26 PM
From: Anonymous Member
Subject: SOC 1 audit
This message was posted by a user wishing to remain anonymous
Next year we will be undergoing a SOC 1 audit.
Part of our responsibility is reviewing the SOC reports of our 3rd parties that fall under the scope and how they relate to the services they are providing to us.
Any guidance on this and any templates that are used to show our diligence in reviewing the 3rd party SOC reports?