| ๐ผ CC5.1 The entity selects and develops control activities that contribute\ \ to the mitigation of risks to the achievement of objectives to acceptable levels. | 6 | | | |
| ย ย ย ย ๐ผ CC5.1-1 Integrates With Risk Assessment | | | | |
| ย ย ย ย ๐ผ CC5.1-2 Considers Entity-Specific Factors | | | | |
| ย ย ย ย ๐ผ CC5.1-3 Determines Relevant Business Processes | | | | |
| ย ย ย ย ๐ผ CC5.1-4 Evaluates a Mix of Control Activity Types | | | | |
| ย ย ย ย ๐ผ CC5.1-5 Considers at What Level Activities Are Applied | | | | |
| ย ย ย ย ๐ผ CC5.1-6 Addresses Segregation of Duties | | | | |
| ๐ผ CC5.2 The entity also selects and develops general control activities over\ \ technology to support the achievement of objectives. | 4 | | | |
| ย ย ย ย ๐ผ CC5.2-1 Determines Dependency Between the Use of Technology in Business Processes and Technology General Controls | | | | |
| ย ย ย ย ๐ผ CC5.2-2 Establishes Relevant Technology Infrastructure Control Activities | | | | |
| ย ย ย ย ๐ผ CC5.2-3 Establishes Relevant Security Management Process Controls Activities | | 16 | 17 | |
| ย ย ย ย ๐ผ CC5.2-4 Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities | | | | |
| ๐ผ CC5.3 The entity deploys control activities through policies that establish\ \ what is expected and in procedures that put policies into action. | 6 | | | |
| ย ย ย ย ๐ผ CC5.3-1 Establishes Policies and Procedures to Support Deployment of\ \ Management's Directives | | | | |
| ย ย ย ย ๐ผ CC5.3-2 Establishes Responsibility and Accountability for Executing Policies and Procedures | | | | |
| ย ย ย ย ๐ผ CC5.3-3 Performs in a Timely Manner | | | | |
| ย ย ย ย ๐ผ CC5.3-4 Takes Corrective Action | | | | |
| ย ย ย ย ๐ผ CC5.3-5 Performs Using Competent Personnel | | | | |
| ย ย ย ย ๐ผ CC5.3-6 Reassesses Policies and Procedures | | | | |