graphgrc

SOC2 - CC1.2

COSO Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control

Establishes Oversight Responsibilities

The board of directors identifies and accepts its oversight responsibilities in relation to established requirements and expectations

Applies Relevant Expertise

The board of directors defines, maintains, and periodically evaluates the skills and expertise needed among its members to enable them to ask probing questions of senior management and take commensurate action

Operates Independently

The board of directors has sufficient members who are independent from management and objective in evaluations and decision making

Additional point of focus specifically related to all engagements using the trust services criteria: Supplements Board Expertise

The board of directors supplements its expertise relevant to security, availability, processing integrity, confidentiality, and privacy, as needed, through the use of a subcommittee or consultants.

Mapped SCF controls

• GOV-01 - Cybersecurity & Data Protection Governance Program
• GOV-05 - Measures of Performance
• GOV-05.1 - Key Performance Indicators (KPIs)
• GOV-05.2 - Key Risk Indicators (KRIs)
• HRS-02 - Position Categorization
• HRS-03 - Roles & Responsibilities
• HRS-03.2 - Competency Requirements for Security-Related Positions

This site is open source. Improve this page.