Information Security, Risk Management
Governance and Audit.
BRIEF
“Information is your organization's most valuable asset, so why not protect it in the same way you protect your physical assets?
Yew Tree Services can help you make the most of your information by making sure it is there when you need it and managed in line with international standards and legislation.”

Information Security Auditing

An information security audit is an examination of the controls within an entity's information management infrastructure. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. By evaluating the results of the audit against the declared intentions of the business's information management processes, it can determine whether the organization's information systems safeguard assets, maintain data integrity, and operate effectively and efficiently to achieve the organization's goals or objectives.
 

The audit lifecycle.

The audit lifecycle has four basic stages:

Audit Planning
Each audit starts with an audit planning meeting. This allows the business and the auditors to agree the essential aspects of the audit, namely:

  • Audit Objective
  • Audit Scope
  • Timelines and dates covering document reviews, site visits and review meetings
  • Key risks, concerns and known issues

Audit Activities
The actual act of carrying out the audit consists of a number of processes:

  • Document Reviews
  • Site Meetings, including meetings with responsible individuals who are covered by the audit scope
  • Audit Review Meeting

Audit Reporting
Before the final audit report is published, the auditor will produce a draft report for review by the client. This will include findings and recommendations made by the auditor. If the audit was carried out as part of a compliance check against ISO 27001 or other industry standards, then formal notifications of non-compliance issues would be made as part of this report. Formal responses to this draft report are required before the final report can be made.
Once the draft report has been reviewed, the auditor will write a final report which incorporates the draft report responses and which will then be issued to the client for acceptance.

Audit Closure
The final audit closure meeting is the point at which the final audit report is formally handed over and accepted by the client. It may also include forward planning of the next audit or discussions on possible follow-up to the audit findings if desired.