CC2.1
Obtains or generates relevant, quality information
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.
Auditor test plan
How this is tested during the audit
Auditor inspects the security dashboard, log retention policy, and SIEM alert taxonomy.
Evidence
2 items attached to this control
- XLS
siem-alert-taxonomy-v3.xlsx
sha256:0000000000000800… · 139.6 KB · 24d ago
- PDF
log-retention-policy-v4.pdf
sha256:0000000000000000… · 199.3 KB · 24d ago
Last reviewed
24d
Within 180-day window
Evidence on file
3
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
24d ago
Status set to implemented
54d ago
Initial control design approved
114d ago