To minimise business and reputational risk, it’s important that your current procedures, controls and processes within the Information Security Management System (ISMS) are in line with security standards, regulations and your organisation’s policies. The ISMS should also be effectively implemented and maintained.
This is where performing regular audits at planned intervals will identify whether information security controls:
– Meet your organisation’s context and risks regarding information security.
– Are effectively implemented and maintained.
– Are defined using a risk based approach, and updated policies and standards exist, and have been communicated to employees and external parties.
Our Approach
We evaluate the following:
There is leadership support and commitment to information security.
Information security risk management process is formalised, well communicated and aligned with the business risk profile.
Information security controls are documented, evolved and continuously monitored and improved.
Security policies and standards are formalised, reflecting the environment.
Security policies and standards are communicated with employees.