The confidence rating speeds the process of finding those controls that need improvement.The “Confidence Meter” description is intentionally vague. It is left to the user to decide the inherently subjective criteria for confidence in the organization’s implementation of the control. The intention is for the user to express their confidence in the control. When selecting a confidence rating closer to a 10 the presumption is that the control is robustly implemented and needn’t be revisited in the near future. When selecting a low confidence rating the user is stating that they believe the control’s implementation is adequate, but weak and can be improved in the future. Use the confidence ratings when reviewing the SSP and deciding where resources should be applied for improvement.
|
Comments
0 comments
Please sign in to leave a comment.