💼 CC3.2 The entity identifies risks to the achievement of its objectives\ \ across the entity and analyzes risks as a basis for determining how the\ \ risks should be managed.

• Contextual name: 💼 CC3.2 The entity identifies risks to the achievement of its objectives\ \ across the entity and analyzes risks as a basis for determining how the\ \ risks should be managed.
• ID: /frameworks/soc-2/cc3/02
• Located in: 💼 CC3 Risk Assessment

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CC3.2-1 Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels
💼 CC3.2-2 Analyzes Internal and External Factors
💼 CC3.2-3 Involves Appropriate Levels of Management
💼 CC3.2-4 Estimates Significance of Risks Identified
💼 CC3.2-5 Determines How to Respond to Risks
💼 CC3.2-6 Identifies Threats to Objectives
💼 CC3.2-7 Identifies Vulnerability of System Components
💼 CC3.2-8 Analyzes Threats and Vulnerabilities From Vendors, Business Partners, and Other Parties
💼 CC3.2-9 Assesses the Significance of the Risks