SOC 2 Audit Inventory
Overview
The Dash SOC 2 Audit Inventory Report provides teams with a way to automatically gather current internal controls related to SOC 2 trust service criteria. Teams can utilize these reports to track evidence for security audits and questionnaires and share this evidence with security auditors to streamline the SOC 2 audit process.
Reports can be created in the Report Center.
Reports are created for the current date they are generated and reflect the current passing controls/scans and related policies.
Reports can be generated on different dates to compare and measure internal control effectiveness.
Create SOC 2 Inventory Report
To view a report and all related/current controls, you can follow these steps:
Login to Dash ComplyOps
Click the “Report Center” in the Left Sidebar
Click the “Create Audit Inventory” button under the SOC 2 Report Section.
Select the Scanset (environment) you want to create an Audit Inventory for and click “Create Audit Inventory”.
After clicking the button, the application will start generating the Audit Inventory/Control Inventory
The report may take around 10 seconds of loading
An excel file will then be downloaded with the for SOC 2 Audit Inventory for the environment.
Note: If this file does not download, check that your browser is not blocking file downloads (make sure that downloads are allowed in the browser navigation bar)
You can now open the SOC 2 Audit Inventory report file. You will see the following information as part of the report.
Environment Scope - This section lists the date and information about the scanset and environment that is being reported on.
The Report ID is a unique ID that is also listed on each Control Statement URL, enabling your team to ensure integrity and confirm that the application links match the current report.
ID - Reference for the SOC 2 requirement being tracked.
Category - The category of the SOC 2 requirement
Requirement - The SOC 2 Trust Service Criteria (IE. CC1.1, CC.2)
Control Guidance - The criteria requirement/requirement text from SOC 2 Trust Service Criteria (TSC)
Dash Related Policies - Lists all Dash adopted policies (as of the date the report was generated) related to a SOC 2 requirement
Links for each policy are provided and link to the latest version of the policy stored in the Dash Policy Center
Viewers of these links must be a user with a Dash login to access these pages.
Current Control Statements - Lists all passing compliance scans and controls (as of the date the report was generated)
Links for each control statement are provided and link to control pages detailing the current passing/effective control - including timestamp, Report ID and control information for each statement.
Control Statement pages can be shared on the
Viewers of these links must be a user with a Dash login to access these pages.
Note: All data included in the excel report, as well as all “Dash Related Policies” and “Current Control Statements” URLs are related to that individual current excel report and generated date.
This means, as your team generates new Audit Inventory Report, the information listed and URL links will have new Dash control page links showing the latest Report ID, Control Report Date, and control information.
To compare controls over time your team may generate a report for a scanset on one date, generate a new report for a later date and then compare policies and control statements (Both reports will have information and URLs related to their Report ID)
Sharing Reports
Teams can share Audit Inventory Report excel files with trusted individuals to provide proof of internal security controls within the organization.
Additionally, 3rd parties and security auditors can click and view pages from the report URLs if they have a user account for your organization:
Add the auditor/external user as a user into your Dash application.
Login to Dash ComplyOps
Go To Settings > User Management
Click the “Invite User” button
Add a user email as an Observer role (or greater permission role)
The new user should be able to view all Audit Inventory Report links once they have finished creating their user account