CC9.2SOC 2Risk mitigation - third-party risk management
The entity assesses and manages risks associated with vendors and business partners.
- Trust Service Criterion
- CC
- Audit period
- type-2
- Points of focus
- Vendors are risk-ranked
- Vendor commitments and controls are reviewed
- Ongoing monitoring is performed for critical vendors