Quarterly risk-register review with documented mitigations

SOC2.CC3.RISK · GLOBAL · operational_security

Severity

medium

Cadence

quarterly

Region

global

Current status (Apollo Gaming Ltd.)

not evaluated

Requirement

A risk register is maintained covering security, availability, and confidentiality risks. The register is reviewed every calendar quarter, with new and changed risks documented along with their mitigation owner.

Source: AICPA TSC — CC3 Risk Assessment

Evidence specification

Evidence type	Connector	Spec	Acceptance criteria
`doc_presence`	`doc-sharepoint`	{ "path": "/risk-register.xlsx", "required_fields": [ "last_reviewed_at", "open_risks_count" ] }	`last_reviewed_at within last 92 days`

Recent evaluations (Apollo Gaming Ltd.)

No evaluation history for this control yet.