SOC 2/Type 2 Report. If the Department requires Contractor to provide a SOC audit report, Contractor will furnish the Department with a copy of Contractor’s annual independent service auditor’s report on Contractor’s controls relevant to security, availability, processing integrity, confidentiality, and privacy. The SOC audit report must be a type 2 report that includes management’s description of Contractor’s system and the suitability of the design controls set forth in AICPA Trust Services Criteria Section 100 (2017). This independent audit of the Contractor’s controls must be completed in accordance with the AICPA SSAE No. 18 (SOC 2, Type 2). The SSAE 18 (SOC 2, Type 2) annual audit will include all programs under the Contract and will be conducted at the Contractor’s expense. If the Contractor’s SSAE 18 (SOC 2, Type 2) audit covers less than twelve (12) months of a calendar year, the Contractor will provide a bridge letter to the Department, stating whether processes and controls have changed since the SSAE 18 (SOC 2, Type 2) audit. In addition, the Department requires Contractor to submit a letter of attestation indicating Contractor’s receipt of management’s assertion of control compliance from Contractor’s subcontractors.
Appears in 10 contracts
Samples: Information Security Agreement, Information Security Agreement, Information Security Agreement
SOC 2/Type 2 Report. If the Department requires Contractor to provide a SOC audit report, Contractor will furnish the Department with a copy of Contractor’s annual independent service auditor’s report on Contractor’s controls relevant to security, availability, processing integrity, confidentiality, and privacy. The SOC audit report must be a type 2 report that includes management’s description of Contractor’s system and the suitability of the design controls set forth in AICPA Trust Services Criteria Section 100 (2017). This independent audit of the Contractor’s controls must be completed in accordance with the AICPA SSAE No. 18 (SOC 2, Type 2). The SSAE TheSSAE 18 (SOC 2, Type 2) annual audit will include all programs under the Contract and will be conducted at the Contractor’s expense. If the Contractor’s SSAE 18 (SOC 2, Type 2) audit covers less than twelve (12) months of a calendar year, the Contractor will provide a bridge letter to the Department, stating whether processes and controls have changed since the SSAE 18 (SOC 2, Type 2) audit. In addition, the Department requires Contractor to submit a letter of attestation indicating Contractor’s receipt of management’s assertion of control compliance from Contractor’s subcontractors.
Appears in 1 contract
Samples: Information Security Agreement
