Back

Include methods to obtain information from interested personnel and affected parties about performance variances in the communication protocol.


CONTROL ID
12856
CONTROL TYPE
Process or Activity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain communication protocols., CC ID: 12245

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Define opportunities for obtaining stakeholder views about action and control weaknesses, performance variances, incidents or suspicions of legal noncompliance, violations of company policies, and concerns or perceptions about perceived unethical conduct. (OCEG GRC Capability Model, v. 3.0, P7.1 Establish Multiple Pathways to Obtain Information, OCEG GRC Capability Model, v 3.0)
  • employees, e.g. through whistle blowing facilities, helplines, feedback, suggestion boxes; (§ 9.1.3 ¶ 1 Bullet 1, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)