Demo · sample data, not for production use

CC7.4

Responds to identified security incidents

Security · Partial · Stale review · Security (Common Criteria)

Control description

AICPA Trust Services Criteria

The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents.

Auditor test plan

How this is tested during the audit

Auditor reviews the incident response plan, the date of the last tabletop exercise, and a sample of post-incident reviews.

Evidence

1 item attached to this control

  • PDF

    incident-response-plan-v5.pdf

    sha256:0000000000000000… · 304.7 KB · 188d ago

Last reviewed
188d
Stale — reset before audit
Evidence on file
1

Owner

Director, Security
Accountable for design + operating effectiveness

Status timeline

Recent control history

  1. Last reviewed by Director, Security

    188d ago

  2. Remediation plan opened

    202d ago

  3. Auditor flagged design gap

    248d ago