III.D.4 Policy Compliance
Management should develop, implement, and monitor a process to measure IT compliance with the institution's established policies. In addition to the traditional reliance on internal and third-party audit functions, the institution should perform periodic self-assessments. The scope and frequency of self-assessments depend on the scale and historical performance of the IT function. Self-assessments provide management with an understanding of whether the institution is in compliance with the policies approved by the board.
III.D.3 Service Level Agreements
III.D.5 Effectiveness of Controls