The IT Law Wiki
The IT Law Wiki

Definition[]

Common controls are

security controls employed at the organization level that typically serve multiple information systems. By centrally managing and documenting the development, implementation, assessment, authorization, and monitoring of common controls, organizations can amortize security costs across multiple information systems.[1]

Overview[]

"Examples of business process areas having common controls include contingency planning, incident response, security training and awareness, personnel security, physical and environmental protection, and security program management. These business process areas are generally good candidates for common controls."[2]

References[]