AAC-01: Audit Planning

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: A&A-03: Risk Based Planning Assessment, A&A-05: Audit Management Process.

Control Statement

Audit plans shall be developed and maintained to address business process disruptions. Auditing plans shall focus on reviewing the effectiveness of the implementation of security operations. All audit activities must be agreed upon prior to executing any audits.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.