Demo · sample data, not for production use · request the real tool →

CC3.4

Identifies and assesses changes

SecurityImplementedSecurity (Common Criteria)

Control description

AICPA Trust Services Criteria

The entity identifies and assesses changes that could significantly impact the system of internal control.

Auditor test plan

How this is tested during the audit

Auditor reviews the change advisory board (CAB) minutes and a sample of significant change post-mortems.

Evidence

1 item attached to this control

Open vault →
  • PDF

    cab-minutes-2026-04-12.pdf

    sha256:0000000000000000… · 94.2 KB · 12d ago

Last reviewed
12d
Within 180-day window
Evidence on file
4

Owner

VE
VP Engineering
Accountable for design + operating effectiveness

Status timeline

Recent control history

  1. Last reviewed by VP Engineering

    12d ago

  2. Status set to implemented

    42d ago

  3. Initial control design approved

    102d ago