BIZOPS-26 External Assessment

What is this control about?

External Assessment Control ensures that as your organization goes through third-party examinations and audits, the results are shared with senior management and/or the board and made visible to all employees of the organization.

Available tools in the marketplace

N/A: No tools required

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• N/A: No templates are available for this control

Control implementation

To implement this control,

1. Go through an external third-party examination.
2. Share the results with senior management and/or the board.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for documentation that is documented within a ticketing system, along with:

1. The most recent external assessment
2. Evidence that the last external assessment was shared with senior management or the Board

Evidence example

For the suggested action, an example is provided below:

1. Most recent external assessment.
   The following screenshot is of the first page of the SOC 2 report as an example.
   
2. Evidence that the last external assessment was shared with senior management or the board.
   The following screenshot is of one slide from the board meeting presentation showing that compliance and security control results are shared with senior management.