Security Compliance

SG.5.07 - Board of Directors Security Program Content

Control Statement

The Board of Directors meets at least annually. Topics of discussion include effectiveness of internal controls, operations, risk assessments and fraud.

Context

While the Board of Directors meets at least annually, regularly occurring quarterly meetings are held between the Audit Committee members throughout the fiscal year. The topics for these quarterly meetings are determined in advance. Specific meetings cover internal controls, operations, risk assessments, and fraud. The cadences and quarters in which these discussions occur are documented in the Audit Committee Agenda Planner.

Scope

The scope of this control is the meetings held between the Audit Committee members to discuss specific security matters related to internal controls, operations, risk assessments, and fraud. These topics are pre-determined to be discussed as part of the planned Audit Committee Agenda.

Ownership

  • Control Owner: Security Compliance

  • Process owner(s): Security Compliance

Guidance

The Audit Committee is responsible for staying up to date on, and providing oversight of, internal controls, operations, risk assessments, and fraud as they relate to security. This is accomplished throughout the fiscal year via quarterly meetings held by the Audit Committee.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Board of Directors security program content control issue.

Policy Reference

  • Audit Committee Agenda Planner

Framework Mapping

  • SOC2 CC

    • CC1.2

    • CC1.5

    • CC4.2

    • CC5.1