Manage Third Party Services - Morland-Austin

This article provides an overview of SOX 404 control Manage 3rd Party Services.

The typical SOX 404 IT controls for Manage Third Party Services are outlined below.

Description: Third party processes are adequately controlled so that they meet SOX 404 standards.

Control Objective: A documented process exists and is enforced for monitoring third party services.

Typical Evidence:

There is a documented process demonstrating how third party controls are reviewed.
Third party contracts include provisions for SOX 404 compliance standards.
There is a provision in the contract for auditing of procedures.
The third party provides an annual SSAE16 or similar.

For more information please contact Morland-Austin at info@morland-austin.com.

Find your way around our IT GRC Framework Educate & Explore

Where next?

Increase your knowledge
Links & relationships within the framework

Find out how Manage Third Party Services link(s) and relate(s) to:

Speak to one of our experts

Our IT GRC experts can help you with guidance and consultancy on ‘IT Compliance Management – SOX 404’