Key Controls
Key controls are the primary controls used to manage risk in an environment.
- Characteristics of key controls:
- They provide a reasonable degree of assurance that the risk will be mitigated
- If the control fails, it is unlikely that another control could take over for it
- The failure of this control will affect an entire process
- Key controls vary based on environment and the present risks
- Always test key controls as part of compliance or audit efforts
- e.g., Antivirus software on all systems processing payment card information in an environment.