Text of Recommendation | Continually evaluate the established policy for SOC 1 reports that requires service organizations to provide a SOC 1 report over the control environment that is relevant and significant to the processing and recording of SBA’s transactions as it relates to the SVOG program. If a SOC 1 report cannot be obtained, management should design, implement, and operate controls within SBA’s control environment. |
---|---|
Recommendation Number | 29 |
Recommendation Status | Open |
Significant Recommendation | Yes |
Submitting OIG | |
---|---|
Linked Report |