Dynamic Signal-2019-Type 2 SOC 3-Final Report

Issue link: https://dynamicsignal.uberflip.com/i/1189186

Contents of this Issue


Page 17 of 17

Proprietary and Confidential 15 Dynamic Signal management, along with the subservice organizations, define the scope and responsibility of the controls necessary to meet all the relevant trust services criteria through written contracts, such as SLAs. In addition, Dynamic Signal performs monitoring of the subservice organization controls, including the following procedures: • Holding discussions with vendors and subservice organizations • Reviewing attestation reports over services provided by vendors and subservice organizations • Monitoring external communications, such as customer complaints relevant to the services by the subservice organizations COMPLEMENTARY USER ENTITY CONTROLS Dynamic Signal's services are designed with the assumption that certain controls will be implemented by user entities. Such controls are called complementary user entity controls. It is not feasible for all of the Trust Services Criteria related to Dynamic Signal's services to be solely achieved by Dynamic Signal control procedures. Accordingly, user entities, in conjunction with the services, should establish their own internal controls or procedures to complement those of Dynamic Signal's. The following complementary user entity controls should be implemented by user entities to provide additional assurance that the Trust Services Criteria described within this report are met. As these items represent only a part of the control considerations that might be pertinent at the user entities' locations, user entities' auditors should exercise judgment in selecting and reviewing these complementary user entity controls. 1. User entities are responsible for understanding and complying with their contractual obligations to Dynamic Signal. 2. User entities are responsible for notifying Dynamic Signal of changes made to technical or administrative contact information. 3. User entities are responsible for maintaining their own system(s) of record. 4. User entities are responsible for ensuring the supervision, management, and control of the use of Dynamic Signal services by their personnel. 5. User entities are responsible for developing their own disaster recovery and business continuity plans that address the inability to access or utilize Dynamic Signal services. 6. User entities are responsible for providing Dynamic Signal with a list of approvers for security and system configuration changes for data transmission. 7. User entities are responsible for immediately notifying Dynamic Signal of any actual or suspected information security breaches, including compromised user accounts, including those used for integrations and secure file transfers.

Articles in this issue

view archives of eBooks - Dynamic Signal-2019-Type 2 SOC 3-Final Report