graphgrc

SOC2 - CC5.1

COSO Principle 10: The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels

Integrates With Risk Assessment

Control activities help ensure that risk responses that address and mitigate risks are carried out

Considers Entity-Specific Factors

Management considers how the environment, complexity, nature, and scope of its operations, as well as the specific characteristics of its organization, affect the selection and development of control activities

Determines Relevant Business Processes

Management determines which relevant business processes require control activities

Evaluates a Mix of 2017 Data Submitted Types

Control activities include a range and variety of controls and may include a balance of approaches to mitigate risks, considering both manual and automated controls, and preventive and detective controls

Considers at What Level Activities Are Applied

Management considers control activities at various levels in the entity

Addresses Segregation of Duties

Management segregates incompatible duties, and where such segregation is not practical, management selects and develops alternative control activities.

Mapped SCF controls

• GOV-15 - Operationalizing Cybersecurity & Data Protection Practices
• GOV-15.1 - Select Controls
• GOV-15.2 - Implement Controls
• HRS-11 - Separation of Duties (SoD)
• OPS-01.1 - Standardized Operating Procedures (SOP)
• OPS-02 - Security Concept Of Operations (CONOPS)
• PRM-06 - Business Process Definition
• RSK-01 - Risk Management Program
• SEA-01 - Secure Engineering Principles
• SEA-01.1 - Centralized Management of Cybersecurity & Data Privacy Controls
• SEA-02 - Alignment With Enterprise Architecture

This site is open source. Improve this page.