GOV-03
Periodic Review & Update of Cybersecurity & Data Protection Program
Description
Mechanisms exist to review the cybersecurity and data protection program, including policies, standards and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness.
Control Question
Does the organization review the cybersecurity and data protection program, including policies, standards and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness?
Control Metadata
Domain:
Cybersecurity & Data Protection Governance
Validation Cadence:
Annual
Evidence Request List:
E-GOV-12
Framework Mappings
This control maps to the following compliance frameworks
APRA CPS234
19
MAS TRM
3.2.2
HKIA GL20
1.11.21.31.41.5