Conduct independent audit and assurance assessments according to relevant standards at least annually.
Independent audit and assurance should be free from conflict of interest and undue influence in all matters related to audit and assurance engagements. The frequency of audit and assurance evaluations should comply with applicable standards, regulations, legal/contractual obligations, and statutory requirements. The audit and assurance process should assess all applicable CCM domains.
- Examine the process to determine standards and regulations applicable to the organization's systems and environments.
- Determine if the organization maintains and reviews a list of such standards and regulations.
- Determine if senior management exercises oversight over the independence of the assessment process.
- Determine if the audit plan is informed by previous assessments, and is scheduled on an annual basis.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.