SOC 3 reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls.


ControlDescription
Control Environment: The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.Enforces accountability through structures, authorities, and responsibilities.
Risk Assessment: Identifies and analyzes risk
The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
Risk Assessment: Identifies and analyzes the significant change
The organization identifies and assesses changes that could significantly impact the system of internal control.
Control Activities: Deploys control activities through policies and procedures.
The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
Control Activities: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
Selects relevant method of communication.
Control Activities: Selects and develops control activities
The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Monitoring Activities: Conducts ongoing and/or separate evaluations
Monitoring activities are periodic or ongoing evaluations to verify that each of the internal control, are present and functioning around their products.



To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.