SOC 2 · CC3
CC3 · Risk Assessment
3 controls in this family.
SOC2-CC3-RISK-ASSESSMENT
Annual Risk Assessment Process
Formal methodology for identifying, analyzing, and evaluating risks to the confidentiality, integrity, and availability of systems and data.
Testing: Annually

SOC2-CC3-RISK-REGISTER
Risk Register Maintenance
Maintained register of identified risks with assigned owners, treatment decisions, and tracked remediation status.
Testing: Quarterly

SOC2-CC3-FRAUD-RISK
Fraud Risk Assessment
Assessment of fraud risks relevant to financial reporting and operations, including insider threat scenarios.
Testing: Annually