Friday, October 19, 2007

auditing ISO 27001

During the internal audit, check for all of the items listed below, in addition to the Annex A controls.

Basic Checklist
List of assets (with owners, threats, controls and vulnerabilities) available?
Access controls defined? (Authorization forms)
Information labelling carried out?
Security Incidents monitored?
Security events monitored?
Backup integrity monitored?
Risk assessment methodology defined?
Risk assessment covers all the assets?
Risk assessment study documents available?
Additional Control Records maintained?
Test records maintained? (mainly for system administration)
SoA Prepared and complete?
Employee Training records available with respect to ISMS?
Internal audit Plan and Audit reports maintained?
Risk Mitigation plan available?
Competency Matrix available?
Training effectiveness records available?
Roles and Responsibilities defined?
Department-specific procedures documented?
(mainly HR / Admin / System admin / MR (Management Representative) related)
BCP documented, and the process for maintaining and managing it defined?
