3.4. Monitoring and Remediating Compliance Controls

Controls must be created, monitored, and reported to upper management to help ensure effective oversight. They must also be tested to help ensure compliance with policy, either on a scheduled or periodic basis. Controls are generally tested by a specific testing group, or possibly by the IT compliance team. In many cases, the testing of a given set of controls is initiated by a compliance audit for a specific regulation. For example, an annual Sarbanes-Oxley Act (SOX) audit may trigger testing of controls that impact SOX compliance. A subsequent PCI audit may have the same effect, possibly resulting in the redundant testing of controls that relate to both SOX and PCI. This redundant testing ...