This message was posted by a user wishing to remain anonymous
Is anyone willing to share their ongoing monitoring procedures. I am in the process of creating them, I started with Initiate the review by retrieving ongoing monitoring schedule and filtering the schedule by next review date. Request documentation from our ongoing monitoring checklist. This is where I get hung up, I need to incorporate SME's assessment and regardless of risk rating, the review should take into account our whole vendor inventory. I keep writing them to only reflect third parties who produce SOC reports. Any blank formats would be greatly appreciated.
-------------------------------------------