IT:AD:Information Security Controls Validation Plan (CVP)
Summary
Supports the IT:AD:Controls Validation Audit (CVA) Report.
The CVP defines the approach that will be taken to validat if the Security Controls for a system have been implemented and operate effectively.
Approach: * Identified required controls from the IT:AD:Risk Assessment (RA) Report. * Mapped the identified controls to the appropriate Risks * Mapped the controls to the relevant NZISM controls (version x.x) * Provide the methodology that will be used to verify each control.
- Format:
- Control ID, Description, NZISM Area, Key Risks, Priority, Test Approach and Methodology, Control Category (Enterprise/Project)