An ISAE 3402 | SOC 1 Audit Checklist

ISAE 3402 | SOC 1 is the standard for outsourcing. Most organisations outsource IT or other activities to service organisations. In this outsourcing, it is crucial that the service organisation providing ICT services is reliable.
Reliability can be divided into several aspects: risk management, information security, privacy, anti-fraud measures, and continuity. The ISAE 3402 | SOC 1 standard offers extensive opportunities to report on these aspects and have this report audited (certified) by an external accountant.

Since compiling SOC reports can be a complex process that involves juggling multiple tasks, many companies find it helpful to use an ISAE 3402 | SOC 1 compliance checklist to ensure that all SOC requirements and ISAE 3402 | SOC 1 controls are covered:

  1. Is your company’s organisational structure defined?
  2. Have you delegated the task of developing policies and procedures to specific employees?
  3. What are your background screening procedures and employee conduct standards?
  4. Do employees and other stakeholders learn and understand how to use your systems?
  5. Are there procedures to address changes in a timely and effective manner?
  6. Have you conducted a formal risk assessment to identify, analyse, and mitigate potential threats to your system?
  7. Does your organisation regularly evaluate vendor managers?
  8. Do you annually evaluate all policies and procedures and update them as needed?
  9. Have you implemented physical and logical access controls?

Taking the time to complete an ISAE 3402 | SOC 1 audit checklist can be very useful as you organise your evidence in preparation for working with a CPA on your audit.
