CC7.3
Evaluates security events to determine response
Security · Partial · Security (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives, and, if so, takes actions to prevent or address such failures.
Auditor test plan
How this is tested during the audit
Auditor samples 5 security incidents from the past 12 months and reviews triage decisions and after-action reports.
Evidence
1 item attached to this control
- PDF
incident-INC-2025-104-after-action.pdf
sha256:0080000000000000… · 239.1 KB · 38d ago
Last reviewed
38d
Within 180-day window
Evidence on file
2
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
38d ago
Remediation plan opened
52d ago
Auditor flagged design gap
98d ago