Everything you need to know
Security and customers first

Request a demo

Find out today the difference that Hicomply’s unique solution can make to your business.


Thank you for your request


In the meantime, connect with Hicomply for insights on authentication and fraud prevention


ROI Calculator

See how much you could save with Hicomply

Hicomply feature Yearly saving
Automated scoping Easily scope your ISMS with the Hicomply platform
Asset register autogeneration A shorter learning curve for organisations and a simplified process
Risk assessment Autogenerate your risk register and risk treatment plan
Extended policy templates 90% of the essential are already written out of the box
Controls framework All controls are pre-loaded and already linked to the risks they mitigate
Task management Automate all actions, administration and setup time of your ISMS
Real time monitoring Understand status and progress across your ISMS with the Hicomply dashboard
Compliance & Training Your whole team, on the same page
Audit readiness Hicomply makes sure you have everything in place for your audit
Auditor access Give auditors a dedicated login to access and audit your ISM
Back to Resource Hub

SOC 2 Controls: CC4 Monitoring Activities


SOC 2 CC4.1 requires that your organisation selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning

CC4.1 highlights the following points of focus:

Considers a Mix of Ongoing and Individual Evaluations

Your organisation’s management should include a balance of continuing and separate evaluations.

Considers Rate of Change

The management team should consider the rate of change in business and business procedures when selecting and developing ongoing and individual evaluations.

Determines Baseline Understanding

The design and current state of an internal control system should be used to set up a baseline for ongoing and individual evaluations.

Uses Knowledgeable Personnel

Management should ensure that evaluators performing ongoing and individual evaluations have sufficient knowledge to understand what is being evaluated.

Integrates With Business Processes

Ongoing evaluations should be built into the business procedures and should be adjusted to changing conditions.

Adjusts Scope and Frequency

The management team should vary the scope and frequency of separate evaluations depending on risk.

Objectively Evaluates

Separate evaluations should be performed periodically to provide objective feedback.

Additional point of focus specifically related to all engagements using the trust services criteria:

Considers Different Types of Ongoing and Separate Evaluations

The management team should use a range of different types of ongoing and separate evaluations. This includes penetration testing, independent certification made against recognised specifications (e.g. ISO certifications), and internal audit assessments.


SOC 2 CC4.2 requires that your organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

CC4.2 highlights the following points of focus:

Assesses Results

Management and the board of directors, as appropriate, should assess results of ongoing and separate evaluations.

Communicates Deficiencies

Any identified deficiencies should be properly communicated to parties responsible for taking corrective action and to senior management and the board of directors as appropriate.

Monitors Corrective Action

The management team should track whether deficiencies are remedied on a timely basis.

SOC 2 Hub

More Resource Hub

NIST 800-53 Hub
SOC 2 Controls: CC9 Risk Mitigation
SOC 2 Controls: CC8 Change Management