Planned Controls
Planned controls are those that have been approved but not yet installed. Planning documents identify what the controls have been purchased for and include supporting documentation. A planned control will have a specified implementation date.
A control might not be implemented yet for various reasons. Perhaps the control has been purchased but hasn’t yet arrived. Perhaps the control has arrived but hasn’t been installed. The reason a control hasn’t been implemented isn’t as important as realizing that it will be implemented.
Planned controls should be identified before other controls are approved so that an additional control isn’t purchased if one is already planned for purchase that would address the same vulnerability. ...
Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
