This article provides an overview of SOX 404 control Manage 3rd Party Services.

The typical SOX 404 IT controls for Manage Third Party Services are outlined below.

Description: Third party processes are adequately controlled so that they meet SOX 404 standards.

Control Objective: A documented process exists and is enforced for monitoring third party services.

Typical Evidence:

  1. There is a documented process demonstrating how third party controls are reviewed.
  2. Third party contracts include provisions for SOX 404 compliance standards.
  3. There is a provision in the contract for auditing of procedures.
  4. The third party provides an annual SSAE16 or similar.

For more information please contact Morland-Austin at