Independent Verification of Assessment Plans and Evidence (SA-11(3))

Require an independent agent satisfying [organization-defined] to verify the correct implementation of the developer security and privacy assessment plans and the evidence produced during testing and evaluation; and Verify that the independent agent is provided with sufficient information to complete the verification process or granted the authority to obtain such information.