GRC-06: Governance Responsibility Model

CSF v1.1 References:

PF v1.0 References:

Control is new to this version of the control set.

Control Statement

Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs.

Implementation Guidance

RACI (responsible, accountable, consulted, and informed) charts may be used to document roles and responsibilities. Specific people or teams should be assigned for each documented role in the governance program, policies, and procedures. Roles and responsibilities should be reviewed and updated periodically.

Auditing Guidance

  1. Confirm the organization has established a governance framework which details roles, responsibilities, and accountability.
  2. Evidence that governance meetings are reported and documented appropriately.
  3. Confirm that individuals/groups responsible for governance are tracking and monitoring progress against the governance program.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.