Monday, February 16, 2009

ISO 27001/ISO 17799 Audit Questions and Checklist

Below are sample questions that you can find in the ISO 17799 Audit Questions and Checklist. The Excel list can also be downloaded below.
  • Whether there exists an Information security policy, which is approved by the management, published and communicated as appropriate to all employees.
  • Whether it states the management commitment and sets out the organisational approach to managing information security. Whether the security policy has an owner, who is responsible for its maintenance and review according to a defined review process.
  • Whether the process ensures that a review takes place in response to any changes affecting the basis of the original assessment, for example: significant security incidents, new vulnerabilities or changes to organisational or technical infrastructure.
  • Whether there is a management forum to ensure there is a clear direction and visible management support for security initiatives within the organisation.
  • Whether there is a cross-functional forum of management representatives from relevant parts of the organisation to coordinate the implementation of information security controls.

5 comments:

  1. Hi.

    I read the same topic 2 months ago. The topic helps me to improve my competency.

    Apart from that, below article also is the same meaning

    5S audit

    Tks again and nice keep posting
    rgs

  2. Wonderful blog & good post. It's really helpful for me, awaiting for more new post. Keep Blogging!

    Management Audit

  3. You have great perception. Great article! I am sure this is going to help a lot of people.
    ISO audit questions

  4. Thank you for your feedback. We're glad you enjoyed the post. Feel free to share it with others you think may benefit from this information.

    ISO Internal Audit Checklist

  5. Thank you for the info. It sounds pretty user friendly. I guess I'll pick one up for fun. thank u

    ISO 27001 Lead Auditor Training
