CISOBot - Your AI CISO Assistant

IAO-02

Assessments

Weight: 10/10

Description

Mechanisms exist to formally assess the cybersecurity and data protection controls in Technology Assets, Applications and/or Services (TAAS) through Information Assurance Program (IAP) activities to determine the extent to which the controls are implemented correctly, operating as intended and producing the desired outcome with respect to meeting expected requirements.

Control Question

Does the organization formally assess the cybersecurity and data protection controls in Technology Assets, Applications and/or Services (TAAS) through Information Assurance Program (IAP) activities to determine the extent to which the controls are implemented correctly, operating as intended and producing the desired outcome with respect to meeting expected requirements?

Control Metadata

Domain:

Information Assurance

Validation Cadence:

Semi-Annual

Evidence Request List:

E-IAO-03

Framework Mappings

This control maps to the following compliance frameworks

MAS TRM

5.7.15.7.2

HKIA GL20

5.15.25.35.45.55.65.7

Have questions about this control?

Ask CISOBot for implementation guidance and best practices