← all controls
CC3.1SOC 2

Risk assessment - objectives

The entity specifies objectives with sufficient clarity to enable risk identification and assessment.

Trust Service Criterion
CC
Audit period
type-2
Points of focus
  • System objectives align with service commitments
  • Objectives consider security, availability, and confidentiality needs
  • Measurable criteria are defined