Purpose:
- Ensure controls are operating as designed.
- Identify control weaknesses and failure outside an audit setting.
- Communicate results to appropriate stakeholder.
Scope:
All production devices controls will be tested for operating effectiveness over time focusing on:
- Execution against the defined security policies.
- Execution evidence maintenance availability.
- Timely deviation from policy documentation.
- Timely temporary failures of a control or loss of evidence documentation and communication.