Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-8-1
Cybersecurity Reviews Must Be Conducted Periodically By The Cybersecurity Function In The Organization
To Assess The Compliance With The Cybersecurity Controls In The Organization.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-8-2
Cybersecurity Audits And Reviews Must Be Conducted By Independent Parties Outside The
Cybersecurity Function (e.g., Internal Audit Function) To Assess The Compliance With The Cybersecurity
Controls In The Organization. Audits And Reviews Must Be Conducted Independently, While Ensuring
That This Does Not Result In A Conflict Of Interest, As Per The Generally Accepted Auditing Standards
(GAAS), And Related Laws And Regulations.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-8-3
Results From The Cybersecurity Audits And Reviews Must Be Documented And Presented To The
Cybersecurity Steering Committee And Authorizing Official. Results Must Include The Audit/review
Scope, Observations, Recommendations And Remediation Plans.