Guidance for Improving your Internal Audits For an Information Security Management System

In this episode, Howard and Jim discuss, Guidance for Improving your Internal Audits for an Information Security Management System.

Highlights include:

• Does the information security auditor have the proper security clearance to access documented information.
• Person Identifiable Information, or other sensitive information, must be handled properly according to any legal requirements that the organization might have.
• Companies that outsource their internal audit activities, need to ensure that the outsourced auditor needs to be vetted to make sure they can view a sensitive information.
• The lead auditor needs to determine the extent to which evidence that’s not available to the audit team during the audit, affects the confidence in the audit findings.
• The auditor needs to verify that any documentation required by the audit criteria is going to be available, and that controls have been put in place by the organization that they’re auditing.
• The introduction of Annex A and the Statement of Applicability (SOA) as described in ISO 27002:2022.

In The Next Episode

Howard & Jim will review the changes in the new edition of ISO 27001:2022

Listen Now