Information Security Policy Audit Checklist

Clause 5.1 ISO 27001 standard

5.1.1 Information security policy document

• Whether there exists an Information security policy, which is approved by the management, published and communicated as appropriate to all employees.

• Whether the policy states management commitment and sets out the organizational approach to managing information security.

5.1.2 Review of Information Security Policy

• Whether the Information Security Policy is reviewed at planned intervals, or if significant changes occur, to ensure its continuing suitability, adequacy and effectiveness.

• Whether the Information Security policy has an owner, who has approved management responsibility for development, review and evaluation of the security policy.

• Whether any defined Information Security Policy review procedures exist and whether they include requirements for the management review.

• Whether the results of the management review are taken into account.

• Whether management approval is obtained for the revised policy.

This entry was posted on Tuesday, November 24th, 2009 at 3:11 pm and is filed under ISO 27001 checklist.