Monday, February 16, 2009
ISO 27001/ISO 17799 Audit Questions and Checklist
Below are sample questions from the ISO 27001/ISO 17799 audit questions and checklist (ISO 17799 was renumbered ISO/IEC 27002 in 2007). The full checklist is also available as an Excel spreadsheet for download below.
- Whether there exists an information security policy which is approved by management, published, and communicated as appropriate to all employees.
- Whether it states the management commitment and sets out the organisational approach to managing information security.
- Whether the security policy has an owner who is responsible for its maintenance and review according to a defined review process.
- Whether the process ensures that a review takes place in response to any changes affecting the basis of the original assessment, for example significant security incidents, new vulnerabilities, or changes to the organisational or technical infrastructure.
- Whether there is a management forum to ensure there is clear direction and visible management support for security initiatives within the organisation.
- Whether there is a cross-functional forum of management representatives from relevant parts of the organisation to coordinate the implementation of information security controls.
Hi.

I read the same topic 2 months ago. The topic helped me improve my competency.
Apart from that, the article below has the same meaning:
5S audit
Thanks again, and keep posting.
Rgs

Wonderful blog and good post. It's really helpful for me; awaiting more new posts. Keep blogging!
Management Audit

You have great perception. Great article! I am sure this is going to help a lot of people.
ISO audit questions

Thank you for your feedback. We're glad you enjoyed the post. Feel free to share it with others you think may benefit from this information.
ISO Internal Audit Checklist

Thank you for the info. It sounds pretty user friendly. I guess I'll pick one up for fun. Thank you.
ISO 27001 Lead Auditor Training