Report on the percentage of key external requirements for which an assurance strategy has been implemented.

UCF ID: 01659
Control Type: Actionable Reports or measurements
Status: Live

Metric guidance

Calculation: This metric is the number of key external requirements for which an assurance strategy has been implemented divided by the number of key external requirements.

Calculation source: No authority document source of information exists. The following formula was used: the number of key external requirements for which an assurance strategy has been implemented divided by the total number of key external requirements.

The Common Control IDs associated with this metric are as follows:

    Document the external laws, regulations, and rules with which the organization must comply regarding its information systems, information technology, and information. [UCF Control ID 00611]
    Establish and maintain a security and internal control framework policy. [UCF Control ID 00820]
    Identify significant information processes, applications, and systems that fall under internal or external governance or compliance laws, regulations, or rules. [UCF Control ID 00688]
    Establish and maintain an organizational framework of policies, standards, and procedures. [UCF Control ID 01406]
    Establish and maintain a security policy model document that describes the functions, rules, and characteristics of the security policy. [UCF Control ID 04560]

Supporting and supported controls

This control directly supports:

    Establish and maintain a risk management and compliance program metrics standard. [UCF Control ID 01656]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10, 2005, ISPE1.3; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.1

US Federal Security Guidance

The organization must measure and report on the percentage of key external requirements for which the organization has been deemed by objective audit or other means to be in compliance. [ISPE1.3, CISWG Information Security Program Elements, January 10, 2005]

General Guidance

The purpose of this measurement is to measure the percentage of key external requirements for which the organization has been deemed to be in compliance by an objective audit or other means. [§ 18.1, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.