IT:AD:Information Security Controls Validation Plan (CVP)

Supports the IT:AD:Controls Validation Audit (CVA) Report.

The CVP defines the approach that will be taken to validat if the Security Controls for a system have been implemented and operate effectively.

Approach: * Identified required controls from the IT:AD:Risk Assessment (RA) Report. * Mapped the identified controls to the appropriate Risks * Mapped the controls to the relevant NZISM controls (version x.x) * Provide the methodology that will be used to verify each control.

  • Format:
    • Control ID, Description, NZISM Area, Key Risks, Priority, Test Approach and Methodology, Control Category (Enterprise/Project)

class CVA
class CVP