Some healthcare organizations will accept an independent audit report in lieu of a vendor completing an assessment questionnaire. The most commonly accepted type of audit report for assessing a vendor's security posture is a System and Organization Controls (SOC) 2 Type II report.
Knowing what to look for in a SOC 2 Type II audit report will help your risk assessment team gain insight into a vendor's security program and help you identify any exceptions that require your follow up. This infographic covers the key elements to review.
Download the infographic to learn:
- 5 key elements of a vendor SOC 2 Type II report to review
- What Trust Services Criteria must be covered
- What to look for in an auditor's opinion
- How to evaluate the vendor's response
