What are Complementary User Entity Controls in SOC Reports?

Can someone help me to know - What are Complementary User Entity Controls in SOC Reports?

Hi Fiona,

User Control considerations have for long been a significant part of SOC reports. Since SOC reports were referred to as SAS 70, the concept of User Control Considerations was observed within SOC reports. However, over the years the term User Control Considerations by the AICPA has changed.

Today they are controls that are known as Complementary User Entity Controls (CUEC). They are even referred to as Client Control considerations that are an essential part of any SOC report. SOC reports define the system controls implemented by Service Organization.

As a part of these system controls, user entities must implement and take responsibility for CUECs to ensure that the system controls designed are operating effectively. For Service Organizations to meet the control objectives, the user entity is required to appropriately implement the required CUEC.

Explaining this in detail, we have covered in the article the role of Complementary User Entity Controls in the SOC report. But before that let us first understand what is Complementary User Entity is Controls.

To know more visit this link: www.vistainfosec.com/blog/what-are-compl...rols-in-soc-reports/