COSO Principle 11: The entity also selects and develops general control activities over technology to support the achievement of objectives
Determines Dependency Between the Use of Technology in Business Processes and Technology General Controls
Management understands and determines the dependency and linkage between business processes, automated control activities, and technology general controls.
Management selects and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and availability of technology processing.
Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats.
Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities
Management selects and develops control activities over the acquisition, development, and maintenance of technology and its infrastructure to achieve management’s objectives.
- PRM-01 - Cybersecurity & Data Privacy Portfolio Management
- PRM-04 - Cybersecurity & Data Privacy In Project Management
- PRM-05 - Cybersecurity & Data Privacy Requirements Definition
- PRM-06 - Business Process Definition
- PRM-07 - Secure Development Life Cycle (SDLC) Management
- RSK-08 - Business Impact Analysis (BIA)
- RSK-10 - Data Protection Impact Assessment (DPIA)
- SEA-01 - Secure Engineering Principles
- TDA-01 - Technology Development & Acquisition
- TDA-02 - Minimum Viable Product (MVP) Security Requirements