SOC2 Evidence - Population Lists

SOC2 Evidence - Population Lists

Sample of possible population lists from an auditor

  • List of all in-scope application code changes related to in-house development applications that have occurred during the review period
  • List of all network related changes to firewall and/or router rule set configurations that have occurred within the in-scope environment during the review period
  • List of all incidents reported during the review period
  • List of all company owned laptops and/or BYOD devices utilized within or that can connect to the in-scope environments.
  • List of all new hires during the review period
  • Inventory list of all servers and workstations utilized within the in-scope environments with details of their primary function/role (e.g. file server, domain controller, web server, application server, database server, desktop, etc.).
  • List of all system changes made during the review period, to include:- all in-scope application changes- all in-scope database changes- all in-scope operating system changes
  • List of all terminated employees during the review period
  • List of all vendors and contractors used for in-scope services during the review period
  • List of all transferred or reassigned employees employees during the review period
  • List of vulnerabilities, deviations, and control gaps that required remediation identified during the review period
  • List of Executive Management (e.g. President, CIO, CTO, CEO, CFO, etc) Members
  • List of all the installed patches applied to information systems in the past 12 months
  • List of all current employees during the review period
  • List of all customers during the review period
  • List of all data disposals (e.g. system disposals, hardware purging, document destruction, etc.) during the review period

Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.