CC9.2
Assesses and manages risks associated with vendors and business partners
SecurityPartialSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity assesses and manages risks associated with vendors and business partners.
Auditor test plan
How this is tested during the audit
Auditor inspects the vendor inventory, classification by data sensitivity, and a sample of completed annual security reviews.
Evidence
1 item attached to this control
- XLS
vendor-inventory-2026q2.xlsx
sha256:0000000000000000… · 476.8 KB · 64d ago
Last reviewed
64d
Within 180-day window
Evidence on file
2
Owner
DP
Director, Procurement
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Procurement
64d ago
Remediation plan opened
78d ago
Auditor flagged design gap
124d ago