CC5 - Control Activities

CC5 focuses on control activities, requiring organizations to establish policies and procedures such as authorization, execution, segregation of duties and documentation that help achieve the Trust Services Criteria objectives and mitigate risks to security, availability, processing integrity, confidentiality and privacy.