SCF - PRM-06 - Business Process Definition
Mechanisms exist to define business processes with consideration for cybersecurity & data privacy that determines:
- The resulting risk to organizational operations, assets, individuals and other organizations; and
- Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained.
Mapped framework controls
SOC 2
- CC1.3
- CC3.1
- CC3.4
- CC4.1
- CC5.1
- CC5.2
- PI1.1
Control questions
Does the organization define business processes with consideration for cybersecurity & data privacy that determines:
- The resulting risk to organizational operations, assets, individuals and other organizations; and
- Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained?