Compensating control definition

Compensating control means an alternate procedure, or set of procedures, that must be used when it is not possible to segregate duties so that no one employee performs more than two of the key duty types. (See D-2. Segregation of Duties)

Split View

AI-Powered Contracts

Draft, Review & Redline at the Speed of AI

Get StartedBook a Demo

Compensating control or “COMPENSATING CONTROLS” shall mean one or more alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer (or his or her appropriate designee) to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be up to date with current‌

Compensating control means any alternative measure that is put into place to satisfy the requirement for a security measure, where the implementation specification for that requirement is deemed not reasonable or appropriate to implement. The hospital must document why it would not be reasonable and appropriate to implement the implementation specification; and implement an equivalent alternative measure if reasonable and appropriate.

More Definitions of Compensating control

Compensating control means a mechanism that can be put in place as an alternative to satisfying a cybersecurity measure, where the cybersecurity measure is determined to be impractical or unreasonable to implement due to technical, business, or other constraints. Such alternative mechanism must (a) meet the intent

Compensating control means a mechanism that can be put in place as an alternative to satisfying a cybersecurity measure, where the cybersecurity measure is determined to be impractical or unreasonable to implement due to technical, business, or other constraints. Such alternative mechanism must (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be consistent with industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated requirement. Compensating Controls shall be reevaluated for security effectiveness not less than annually to determine whether to retain the Compensating Control as an appropriate security measure.

Compensating control means a documented procedure or practice that is used to mitigate an identified risk.

Compensating control or “COMPENSATING CONTROLS” shall mean one or more alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer (or his or her appropriate designee) to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms