CC9.1
Identifies, selects, and develops risk mitigation activities
SecurityPartialSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions.
Auditor test plan
How this is tested during the audit
Auditor reviews the BCDR plan, vendor concentration analysis, and the cyber-insurance policy.
Evidence
No evidence on file yet
No evidence attached
Upload at least one artifact before the audit window opens.
Last reviewed
78d
Within 180-day window
Evidence on file
2
Owner
C
COO
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by COO
78d ago
Remediation plan opened
92d ago
Auditor flagged design gap
138d ago