Internal Organization Security Audit Checklist
Clause 6.1 ISO 27001
1. Management Commitment to Information Security
• Whether management demonstrates active support for security measures within the organization. This can be done via clear direction, demonstrated commitment, explicit assignment and acknowledgement of information security responsibilities.
2. Information Security coordination
• Whether information security activities are coordinated by representatives from diverse parts of the organization, with pertinent roles and responsibilities.
3. Allocation of Information Security responsibilities
• Whether responsibilities for the protection of individual assets, and for carrying out specific security processes, are clearly identified and defined.
4. Authorization process for Information processing facilities
• Whether a management authorization process is defined and implemented for any new information processing facility within the organization.
5. Confidentiality Agreements
• Whether the organization’s need for Confidentiality or Non-Disclosure Agreements (NDAs) for the protection of information is clearly defined and regularly reviewed.
• Whether these agreements address the requirement to protect confidential information using legally enforceable terms.
6. Contact with Authorities
• Whether there exists a procedure that describes when, and by whom, relevant authorities (such as law enforcement, the fire department, etc.) should be contacted, and how the incident should be reported.
7. Contact with special interest groups
• Whether appropriate contacts with special interest groups, other specialist security forums, and professional associations are maintained.
8. Independent review of Information Security
• Whether the organization’s approach to managing information security, and its implementation, is reviewed independently at planned intervals, or when major changes to security implementation occur.
This entry was posted on Tuesday, November 24th, 2009 at 3:14 pm and is filed under ISO 27001 checklist.