SOC2 Reporting & Management Response
Introduction When a SOC 2 report is issued, I have seen that in “Description of Tests of Controls and Results of Testing” section, if a control has an exception or a qualification, a management response is included. It explains how the exception or the qualification risk is being managed. Proponents of this approach say that …