SOC 2 Academy: Documentation of Inputs

Author: kirkpatrickprice00

Description: Learn more at

When an organization pursues SOC 2 compliance, an auditor will verify that they comply with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there’s additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the processing integrity category in their audit, they would need to comply with the additional criteria for processing integrity. Processing integrity criteria 1.5 says, “The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system specifications to meet the entity’s objectives.” Let’s take a look at why your organization needs documentation of inputs if you’re pursuing SOC 2 compliance.
Like with the other criteria assessed during a SOC 2 audit, an auditor will want to see that an organization effectively documents how they input data to determine whether or not the organization complies with processing integrity criteria 1.5. This means that organizations who include the processing integrity category will need to demonstrate that they have policies in procedures in place regarding how they store inputs. Why? Because if there’s ever an instance where the integrity of processing activities is called into question, there needs to be a process and documentation readily available to verify when an action took place and who completed it.

Stay Connected

More Free Resources
White Papers:

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701