SG.5.07 - Board of Directors Security Program Content
Control Statement
The Board of Directors meets at least annually. Topics of discussion include effectiveness of internal controls, operations, risk assessments and fraud.
Context
While the Board of Directors meets at least annually, regularly occurring quarterly meetings are held between the Audit Committee members throughout the fiscal year. The topics for these quarterly meetings are determined in advance. Specific meetings cover internal controls, operations, risk assessments, and fraud. The cadences and quarters in which these discussions occur are documented in the Audit Committee Agenda Planner.
Scope
The scope of this control is the meetings held between the Audit Committee members to discuss specific security matters related to internal controls, operations, risk assessments, and fraud. These topics are pre-determined to be discussed as part of the planned Audit Committee Agenda.
Ownership
Control Owner:
Security Compliance
Process owner(s):
Security Compliance
Guidance
The Audit Committee is responsible for staying up to date on and providing oversight of internal controls, operations, risk assessments, and fraud as they relate to security. This is accomplished throughout the fiscal year via quarterly meetings held by the Audit Committee.
Additional control information and project tracking
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Board of Directors security program content control issue.
Policy Reference
Audit Committee Agenda Planner
Framework Mapping
SOC2 CC
CC1.2
CC1.5
CC4.2
CC5.1