User Entity Management Responsibilities for Complementary User Entity Controls (CUECs)

A user entity's responsibility regarding complementary user entity controls (CUECs) is to 'implement CUEC(s) that address each control deemed necessary by the service organization for each relevant control objective.'

This means the user entity should work with the service organization to understand the control objectives and design and implement CUECs that effectively address those objectives. The user entity is not required to implement CUECs exactly as specified by the service organization but should ensure that the implemented CUECs effectively address the identified control objectives.