CC3.1
Specifies suitable objectives
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
Auditor test plan
How this is tested during the audit
Auditor reviews the annual risk-assessment scope memo and the linkage to the SOC 2 trust criteria.
Evidence
1 item attached to this control
- PDF
annual-risk-assessment-scope-2026.pdf
sha256:0000000000000000… · 279.3 KB · 51d ago
Last reviewed
51d
Within 180-day window
Evidence on file
2
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
51d ago
Status set to implemented
81d ago
Initial control design approved
141d ago