ISMS Quality Audits
-
7/29/2019 ISMS Quality Audits
Xchanging 2009, no part of this document may be circulated, quoted or reproduced without prior written approval of Xchanging.
-
Information Security Audit and Compliance
Cambridge ITO
-
Agenda
Role of Internal Audit Group
Information Security
Audit Process
Audit Planning
Auditing
Audit Reporting
-
Role of Internal Audit group in Information Security
Ensure Information security audit and compliance
Monitoring & adherence to Information security as outlined in
ISMS Manual
Information security policy
Check compliance against ISO 27001 Standards by conducting audit
Help identify security threats and vulnerabilities in information assets
Communicate risks to business units
Address appropriate countermeasures.
-
Information Security Audit Process
Internal Audit Group organizes and conducts internal information security audits
Documented audit procedure for conducting audit
Trained Auditors shall carry out audits
Auditors drawn from a pool of Auditors
Establish Information Security audit Calendar
Communication to Auditee/Business unit/Location
Conduct audit as per ISO 27001 standards
-
Information Security Audit Planning
Establish Information Security audit Calendar
1. Audit Scope
2. Audit Objectives (Various controls)
3. Statement of applicability (SOAs)
Auditors are drawn from a pool of auditors
Approval by CISO
Communication to Auditee/Business unit/Location
Conduct Audit
-
Information Security Auditing
Auditors understand the standards and the objectives of the established controls
Conduct Audit as per audit calendar
Check compliance using checklist for various controls
Prepare Audit Report
Record non-compliance
Communicate to Auditee who takes corrective and preventive action
Follow up audit conducted to verify the corrective action taken by the Auditee
-
Information Security Audit Reporting
Audit report and non-compliances are recorded
Communicated to Auditee who takes corrective and preventive action
Audit team verifies the corrective action taken by the Auditee
Records of audits are kept with the internal audit group
-