Service Features

Effectiveness of the control framework and its application will be analysed using evidence based assessment:

  • Is the Statement of Applicability comprehensive, are there any gaps and have exclusions been sufficiently justified?
  • What controls have been applied?
  • Have success criteria been clearly defined?
  • What metric and measurement framework has been implemented to report on control efficacy or defined success criteria?
  • Have the specific risk exposures been reduced or mitigated in line with the Risk Management and Risk Treatment Plan frameworks?
  • What artefacts are available to demonstrate effective implementation?
  • Have defined outcomes been achieved, how is this reported and signed off?