CC5.1
Selects and develops control activities
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Auditor test plan
How this is tested during the audit
Auditor traces a sample of risks from the register to a documented control activity in the SOC 2 control matrix.
Evidence
1 item attached to this control
- XLS
soc2-control-matrix-v7.xlsx
sha256:0000000800000000… · 598.1 KB · 60d ago
Last reviewed
60d
Within 180-day window
Evidence on file
3
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
60d ago
Status set to implemented
90d ago
Initial control design approved
150d ago