Control Environment
The control environment includes the governance activities that support effective onboarding, human resources, and company and team management.
Information and Communication
Information and communication is related to the systems, processes and activities that ensure information is effectively communicated.
Confidentiality
Confidentiality refers to how information is classified, handled and secured to ensure it is only accessed by authorised parties.
Privacy
Privacy refers to the protection of personal data that identifies individuals and complies with the privacy rights of those individuals.
Risk Management
Risk Management is how risks and opportunities are identified, assessed, treated, monitored and reported to support the company objectives.
Vendor Management
Vendor management refers to the risk management of third-party service providers that support critical functions and handle sensitive data.
System Security
System Security is the protection of system assets and data to ensure they are only accessed by authorised personnel.
System Operations
System Operations is the monitoring, backup, resilience and recovery practices that supports the availability and integrity objectives of the systems.
Change Management
Change Management includes the lifecycle of system development for the critical infrastructure and software.
