AuditRubric
risk

risk Controls

6 controls across 2 frameworks.

NIST CSF

id-ra-3

Internal and external threats to the organization are identified and recorded

Identify / Risk Assessment

SOC2

cc1-2

Board or equivalent body oversees security risk

Security / Control Environment
cc3-1

Security objectives are defined to enable risk identification

Security / Risk Assessment
cc3-2

Security risks are identified and analyzed

Security / Risk Assessment
cc3-3

Fraud risk is identified and assessed

Security / Risk Assessment
cc3-4

Significant changes are assessed for security impact

Security / Risk Assessment