Audit and Assurance Policy and Procedures from Cloud Controls Matrix framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Audit and Assurance
Application and Interface Security
Business Continuity Management and Operational Resilience
Change Management Policy and Procedures
People
Datacenter Security
Data Security and Privacy Lifecycle Management
Governance, Risk and Compliance
Human Resources
Identity and Access Management
Interoperability and Portability
Infrastructure and Virtualization Security
Logging and Monitoring
Security Incident Management, E-Discovery, and Cloud Forensics
Supply Chain Management, Transparency, and Accountability
Threat and Vulnerability Management
Universal Endpoint Management

A&A-01: Audit and Assurance Policy and Procedures

Audit and Assurance Policy and Procedures

A&A-01: Are audit and assurance policies, procedures, and standards established, documented, approved, communicated, applied, evaluated, and maintained?

Both the cloud service provider (CSP) and cloud service customer (CSC) should develop a "customized integrated framework" of audit and assurance policies and procedures. This framework should incorporate/demonstrate compliance to leading industry standards and self-imposed business requirements while providing appropriate coverage of controls to assess the respective cloud environment and corresponding services.
At a minimum, audit and assurance policies and procedures should include:

a. Audit and assurance functions indicating purposes, responsibilities, authorities, and
accountabilities to ensure organizational independence, professional care, audit objectivity,
and proficiency,
b. Audit and assurance plans,
c. Audit development policies and procedures to determine criteria and assertions against which
the subject matter will be assessed, quality assurance and supervision, sufficient and appropriate
evidence, in accordance with commonly accepted frameworks and audit best practices,
d. Audit reporting to communicate audit results and findings,
e. Follow-up activities to monitor audit findings implementation progress

Description

Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually.

Audit and Assurance Policy and Procedures

A&A-01: Are audit and assurance policies, procedures, and standards reviewed and updated at least annually?

Description

Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually.