CC7.5
Recovers from identified security incidents
SecurityNot implementedStale reviewSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity identifies, develops, and implements activities to recover from identified security incidents.
Auditor test plan
How this is tested during the audit
Auditor expects documented recovery procedures for credential compromise, ransomware, and customer-data exposure with a tested RTO.
Evidence
No evidence on file yet
No evidence attached
Upload at least one artifact before the audit window opens.
Last reviewed
220d
Stale — reset before audit
Evidence on file
0
Owner
DS
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
220d ago
Owner assigned
227d ago
Control identified as missing
241d ago