The GRC Lead or a Member of Leadership Begins the SOC 2 Audit Process by Defining What Templates will be Used
Work.software comes complete with a set of meeting templates for you to use during your SOC 2 audit. These come pre-configured with agenda items and tasks just to give you a starting point. Meeting templates are the ones with N under the Checklist column:
The first step in the process is for the GRC Lead to look down the list and select via the pencil icon, any templates that they won't need in their specific SOC 2 audit and for each of them select the "Disable Template" button.
The templates that you disable will then wind up in the Disabled Template Tab.
Next step is to set up your various templates so that they prescribe the details of what the GRC Lead wants each meeting to cover, who the host is, and what the frequency of the meetings will be. Go to the Meetings & Checklists tab and select the pencil icon:
Here are the line items to complete. Keep in mind that you are setting the stage for how each meeting type will be executed. The example here will be a Change Advisory Board meeting.
- Check off if this is a checklist, in this case it is not.
- Give the meeting a name: Change Advisory Board.
- A criteria/control is already assigned but you can add additional ones with the two separate pulldowns. (Screens for these will follow).
- The host will default to you, but by clicking on it you can assign someone else instead.
- You can define if this meeting repeats and at what frequency: weekly, monthly, quarterly, semi-annually, annually or “on demand”.
- Expected duration of the meeting.
- Next, select the attendees for this meeting via the pulldown.
Last step. You can save this provisionally if you think you may want to revisit it. Publish it if it is done. Here is what the completed template looks like:
Adding additional Criteria and Controls is quick and easy.
Now that the template is complete and the host has been defined the Master Template List will show a green yes under the Assigned Column and the host is also noted.
The next step in this process is to look at the agenda items that come pre-populated in the template and make any adjustments to them. Please see the article on "How to Manage Agenda Items in a GRC Meeting Template".