>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

COM-02Policy for planning and conducting audits

>Control Description

Policies and instructions for planning and conducting audits are documented, communicated and made available in accordance with SP-01 and address the following aspects: • Restriction to read-only access to system components in accordance with the agreed audit plan and as necessary to perform the activities; • Activities that may result in malfunctions to the cloud service or breaches of contractual requirements are performed during scheduled maintenance windows or outside peak periods; and • Logging and monitoring of activities. Additional criteria: The Cloud Service Provider grants its cloud customers contractually guaranteed information and audit rights.

Ask AI

Configure your API key to use AI features.