
Run: SOC 2 Control Self-Test Worksheet

A SOC 2 Control Self-Test Worksheet for checking whether your Trust Services controls are designed, operating, and backed by evidence before the auditor arri...

Inspection Scope & Readiness

Verify the worksheet is limited to the scoped services, locations, and Trust Services Criteria in the audit period.
Confirm evidence dates fall within the period under review.
Each control has a named owner responsible for operation and evidence retention.
Assess whether evidence can be retrieved quickly and consistently during auditor testing.

Security Controls

Verify periodic access reviews were performed and exceptions were remediated.
Confirm elevated access is limited to authorized users with documented approval.
Check that sampled production changes have request, approval, testing, and deployment evidence.
Confirm logs are generated, retained, and reviewed for suspicious activity.
Verify incident records show triage, investigation, containment, and closure.

Availability & Resilience Controls

Verify backup jobs ran successfully and failures were remediated.
Confirm a recent restore test was completed and documented with results.
Check that uptime or service health thresholds are documented and monitored.
Verify the plan has been reviewed within the required cycle and reflects current dependencies.

Processing Integrity Controls

Confirm key data validation checks are defined and functioning as intended.
Verify exceptions are logged, reviewed, and reprocessed where appropriate.
Check that output totals or reconciliations are reviewed for completeness and accuracy.

Confidentiality & Privacy Controls

Verify confidential and personal data handling rules are defined for the scoped environment.
Confirm encryption controls are enabled for systems and data in scope.
Check retention schedules and secure disposal evidence for records in scope.
Verify privacy-related requests, complaints, or incidents are documented and resolved.

Evidence Quality, Exceptions & Sign-Off

Record any non-conformance, deficiency, or missing evidence discovered during the self-test.
Confirm remediation owners and target dates are assigned for all open issues.
Inspector confirms the worksheet was completed based on available evidence and observed results.

Generated with MangoApps Templates — browse 250+ free