Demo · sample data, not for production use · request the real tool →

CC8.1

Authorizes, designs, develops, configures, documents, tests, approves, and implements changes

SecurityImplementedSecurity (Common Criteria)

Control description

AICPA Trust Services Criteria

The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.

Auditor test plan

How this is tested during the audit

Auditor samples 25 production changes and traces each to a ticketed approval, peer review, automated test pass, and deploy log.

Evidence

1 item attached to this control

Open vault →
  • CSV

    change-sample-25-2026q1.csv

    sha256:0000000008090000… · 89.3 KB · 11d ago

Last reviewed
11d
Within 180-day window
Evidence on file
5

Owner

VE
VP Engineering
Accountable for design + operating effectiveness

Status timeline

Recent control history

  1. Last reviewed by VP Engineering

    11d ago

  2. Status set to implemented

    41d ago

  3. Initial control design approved

    101d ago