Compensating controls are used as a substitute for primary controls when the primary control is not feasible or practical to implement. They provide an alternative way to mitigate risks and achieve the same level of security. For example, if a company cannot afford to implement a firewall (a preventive control), they may use a virtual private network (VPN) as a compensating control to protect their network traffic.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of compensating controls?
How do compensating controls differ from preventive controls?
In what situations might an organization need to implement compensating controls?