Trust Service Criteria
9 controls
CC1
Control Environment
Management & organizational structure
CC2
Communication & Information
Internal & external communications
CC3
Risk Assessment
Identification and analysis of risks
CC4
Monitoring of Controls
Ongoing monitoring activities
CC5
Control Activities
Policies and procedures
CC6
Logical Access Controls
Access, authorization, authentication
CC7
System Operations
Monitoring and incident response
CC8
Change Management
Gap — action required
CC9
Risk Mitigation
Vendor and third-party risk
CC1 · Control Environment · Satisfied
Control Environment
Management's philosophy, operating style, and organizational structure. Includes the board of directors, management oversight, and the human resources policies that provide a foundation for carrying out internal control.
Mapped evidence items
| Timestamp |
Agent |
Event type |
Sub-control |
Risk |
| May 15 14:32 |
zapier-crm-sync |
Agent identity log |
CC1.2 |
LOW |
| May 15 14:31 |
n8n-airtable |
Access control log |
CC1.3 |
LOW |
| May 15 12:14 |
claude-support |
Authorization check |
CC1.1 |
LOW |
✓ Auditor ready. CC1 has complete evidence coverage for the current audit period. No action required.