SOC 2_CC3.1

SOC 2

Security Risk Assessment

CC3.1

COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

Operations Objectives | Reflects Management’s Choices—Operations objectives reflect management’s choices about structure, industry considerations, and performance of the entity.

Operations Objectives | Considers Tolerances for Risk—Management considers the acceptable levels of variation relative to the achievement of operations objectives.

Operations Objectives | Includes Operations and Financial Performance Goals—The organization reflects the desired level of operations and financial performance for the entity within operations objectives.

Operations Objectives | Forms a Basis for Committing of Resources—Management uses operations objectives as a basis for allocating resources needed to attain desired operations and financial performance.

External Financial Reporting Objectives | Complies With Applicable Accounting Standards—Financial reporting objectives are consistent with accounting principles suitable and available for that entity. The accounting principles selected are appropriate in the circumstances.

External Financial Reporting Objectives | Considers Materiality—Management considers materiality in financial statement presentation.

External Financial Reporting Objectives | Reflects Entity Activities—External reporting reflects the underlying transactions and events to show qualitative characteristics and assertions.

External Nonfinancial Reporting Objectives | Complies With Externally Established Frameworks—Management establishes objectives consistent with laws and regulations, or standards and frameworks of recognized external organizations.

External Nonfinancial Reporting Objectives | Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs and based on criteria established by third parties in nonfinancial reporting.

External Nonfinancial Reporting Objectives | Reflects Entity Activities—External reporting reflects the underlying transactions and events within a range of acceptable limits.

Internal Reporting Objectives | Reflects Management’s Choices—Internal reporting provides management with accurate and complete information regarding management’s choices and information needed in managing the entity.

Internal Reporting Objectives | Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs in nonfinancial reporting objectives and materiality within financial reporting objectives.

Internal Reporting Objectives | Reflects Entity Activities—Internal reporting reflects the underlying transactions and events within a range of acceptable limits.

Compliance Objectives | Reflects External Laws and Regulations—Laws and regulations establish minimum standards of conduct, which the entity integrates into compliance objectives.

Considers Tolerances for Risk—Management considers the acceptable levels of variation relative to the achievement of operations objectives.

Establishes Sub-objectives to Support Objectives—Management identifies sub-objectives related to security, availability, processing integrity, confidentiality, and privacy to support the achievement of the entity’s objectives related to reporting, operations, and compliance.

 


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
