42 results found
-
old evidence
For section 11.3 would it make sense to also mention that old evidence is not accepted, such as an assessed entity giving a screenshot from 9 months ago with timestamp of a configuration. It might have been provided to the assessor during the 90 day window but the evidence provided by the assessed entity is maybe an old screenshot they borrowed from their SOC 2, 9 months ago and as such that is not indicative of the current environment.
1 vote -
Assessor QA review and fieldwork
It would be helpful to define whether Assessor Internal QA would fall within the fieldwork period or is it ok to be after the fieldwork is noted as finished.
1 vote