Compliance with legal requirements security Audit Checklist

Clause 15.1 ISO 17025

1. Identification of applicable legislation

• Whether all relevant statutory, regulatory and contractual requirements, and the organization's approach to meeting them, are explicitly defined and documented for each information system and for the organization.

• Whether the specific controls and individual responsibilities for meeting these requirements are defined and documented.

2. Intellectual property rights (IPR)

• Whether there are procedures to ensure compliance with legislative, regulatory and contractual requirements on the use of material that may be subject to intellectual property rights, and on the use of proprietary software products.

• Whether these procedures are properly implemented.

• Whether controls such as the following are considered: publishing an intellectual property rights compliance policy, procedures for acquiring software, policy awareness, maintaining proof of ownership, and complying with software terms and conditions.

3. Protection of organizational records

• Whether important records of the organization are protected from loss, destruction and falsification, in accordance with statutory, regulatory, contractual and business requirements.

• Whether consideration is given to the possibility of deterioration of the media used to store records.

• Whether data storage systems are chosen so that required data can be retrieved in an acceptable timeframe and format, depending on the requirements to be fulfilled.

4. Data protection and privacy of personal information

• Whether data protection and privacy are ensured as required by relevant legislation and regulations and, if applicable, by contractual clauses.

5. Prevention of misuse of information processing facilities

• Whether use of information processing facilities for any non-business or unauthorized purpose, without management approval, is treated as improper use of the facility.

• Whether a warning message is presented on the computer screen prior to log-on, and whether the user has to acknowledge the warning and respond appropriately to the message on the screen in order to continue with the log-on process.

• Whether legal advice is taken before implementing any monitoring procedures.
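The pre-log-on warning banner in the item above is one of the few checklist points an auditor can verify mechanically on a host. The following POSIX shell function is an added audit helper, not part of the checklist or of any standard; it assumes an OpenSSH server, whose `Banner` directive (a real sshd_config keyword) names a file shown to the user before authentication, and it takes the path of the configuration file to inspect as its argument so it can be run against a copied config as well as the live one.

```shell
#!/bin/sh
# Added audit helper (not part of the checklist): report whether an OpenSSH
# server configuration presents a warning banner before log-on.
# Assumption: the file passed as $1 is in sshd_config syntax, where
# "Banner <path>" names the banner file and "Banner none" disables it.
# sshd uses the first value it finds for a keyword, so the first
# uncommented Banner line is the effective one.

check_ssh_banner() {
    cfg="$1"
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg"
        return 1
    fi

    # First uncommented "Banner" line; comparison is case-insensitive
    # because sshd keywords are. Commented lines have "#" as $1 and are skipped.
    banner=$(awk 'tolower($1) == "banner" { print $2; exit }' "$cfg")

    if [ -z "$banner" ] || [ "$(printf '%s' "$banner" | tr 'A-Z' 'a-z')" = "none" ]; then
        echo "FAIL: no pre-log-on banner configured in $cfg"
        return 1
    fi

    # A Banner directive pointing at a missing or empty file shows nothing.
    if [ ! -s "$banner" ]; then
        echo "FAIL: banner file '$banner' is missing or empty"
        return 1
    fi

    echo "PASS: banner '$banner' is presented before authentication"
    return 0
}

# Stand-alone usage: audit the live server configuration.
# check_ssh_banner /etc/ssh/sshd_config
```

The function only confirms that a banner is configured and non-empty; whether the wording satisfies the organization's legal advice (the next checklist item) remains a manual review.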

6. Regulation of cryptographic controls

• Whether cryptographic controls are used in compliance with all relevant agreements, laws and regulations.

Related documents

ISO 27001 checklist

This entry was posted on Wednesday, November 25th, 2009 at 6:41 am and is filed under ISO 27001 checklist. You can leave a response, or trackback from your own site.
