SCF - IAO-02.2 - Specialized Assessments
Mechanisms exist to conduct specialized assessments for:
- Statutory, regulatory and contractual compliance obligations;
- Monitoring capabilities;
- Mobile devices;
- Databases;
- Application security;
- Embedded technologies (e.g., IoT, OT, etc.);
- Vulnerability management;
- Malicious code;
- Insider threats; and
- Performance/load testing.
Mapped framework controls
ISO 27002
- A.5.21
- A.5.23
- A.8.29
SOC 2
Control questions
Does the organization conduct specialized assessments for:
- Statutory, regulatory and contractual compliance obligations;
- Monitoring capabilities;
- Mobile devices;
- Databases;
- Application security;
- Embedded technologies (e.g., IoT, OT, etc.);
- Vulnerability management;
- Malicious code;
- Insider threats; and
- Performance/load testing?