7122(a)(3)

Control Description

If a business uses an internal auditor, to maintain the auditor’s independence, the highest-ranking auditor must report directly to a member of the business’s executive management team who does not have direct responsibility for the business’s cybersecurity program. A member of the business’s executive management team who does not have direct responsibility for the business’s cybersecurity program must conduct the highest-ranking auditor’s performance evaluation, if any, and determine the auditor’s compensation.
