Demo · sample data, not for production use

CC3.2

Identifies and assesses risk

Security · Partial · Security (Common Criteria)

Control description

AICPA Trust Services Criteria

The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.

Auditor test plan

How this is tested during the audit

Auditor walks through the risk register, sampling 10 risks for evidence of likelihood/impact scoring and treatment plans.

Evidence

1 item attached to this control

  • risk-register-2026q2.xlsx (XLS) · sha256:0000000000000000… · 507.0 KB · 73d ago

Last reviewed: 73d (within 180-day window)

Evidence on file: 3

Owner

Director, Security
Accountable for design + operating effectiveness

Status timeline

Recent control history

  1. Last reviewed by Director, Security (73d ago)

  2. Remediation plan opened (87d ago)

  3. Auditor flagged design gap (133d ago)