III.D.5 Effectiveness of Controls
Control testing should include the effectiveness of control design and implementation and take into account the changing nature of the threats and the enforcement of control functions. Management should monitor risk mitigation activities and controls to ensure that identified risks are appropriately mitigated. Monitoring of the effectiveness of controls should be ongoing, and departments should provide periodic progress reports to management. Ongoing monitoring ensures that the risk management process is not a one-time or annual event.