Guest
Implement all the controls before certification audit?
For SOA, status should be Implemented for all applicable controls before final audit or even Planned is acceptable.
Assign topic to the user
Answer:
If you go for the certification audit, you should have most of your controls implemented, and make sure that controls that mitigate the biggest risks are fully implemented.
In other words, you can leave only smaller number of less significant controls to be implemented after the certification. In such case, you have to ask risk owners to accept the residual risks.
Comment as guest or Sign in
Jan 13, 2016
Jan 13, 2016
Jan 13, 2016