We’ve all been there.

During your SOC 2 audit, you are asked to produce evidence that you held all of your weekly Security Steering Committee ...


During your SOC 2 audit, you are asked to produce evidence that you held all of your weekly Security Steering Committee meetings. As you print off the calendar entries one by one you come across a week where the meeting is missing.

Did we reschedule the meeting and if yes, why isn’t it showing up anywhere else?

Or, you can demonstrate that you had the meeting, but nobody took attendance. Was Frank there? Because one particular meeting we had a policy review and everyone needed to come prepared to discuss it, and then each person had to sign off on it. Frank claims he was there, but there is no evidence to prove it. In fact, there aren't any other signatures from anyone else either!

Or, you can prove the meeting was held and who was there, but no one took any notes (or they are lost!). What agenda items were covered? Who was assigned tasks? What tasks were able to be checked off in that meeting?

At this point, or at any other point in your SOC 2 audit, you feel like you should just throw all the paper copies up in the air, as it is useless if you are not able to show 100% compliance in this specific criteria.

Let’s take the saner approach. Using a tool like Work.software will give you the ability to:

  • Schedule meetings at the frequency that you need with the attendees that need to be there.
  • Attach agenda items that can be recurring for all meetings, or customized to only appear at a slower frequency, like quarterly or semi-annually.
  • Assign tasks to specific individuals while in the meeting and attach them to a specific future meeting.
  • Start and end the meeting with a timer, take attendance by a quick check-off by each of the names and take notes after each agenda item is discussed.
  • Finally, once the meeting is concluded, the meeting details and notes are instantly sent out via email as minutes to all attendees, as well as stored as a link in everyone’s dashboard on Work.software.
  • When the evidentiary information is being accumulated, you simply export your meetings to a folder that will not only go to the correct criteria, but down into the specific control!

No more undocumented meetings, missing notes, or disputes over who attended or what was accomplished in each meeting. It will all be housed in Work.software. Problem solved!!!

Similar posts