Organizations that have implemented an Information Security Management System (ISMS) that meets the requirements of the ISO/IEC 27001 (ISO 27001) standard aim to ensure proper management of confidential information, personal data protection, and cyber security.
To maintain the proper functioning of the ISMS, organizations must assess the compliance of the ISMS controls with the requirements of the ISO 27001 standard. An ISMS internal audit makes it possible to assess whether ISMS processes and planned control measures are properly implemented, to identify non-conformities with the standard, and to prepare a plan for eliminating them. If the organization implements the ISMS independently, the ISMS internal audit (control audit) makes it possible to assess whether the organization has fully implemented the ISMS and/or is adequately prepared for certification, maintenance audits, or recertification according to the ISO 27001 standard.
- We prepare the ISMS internal audit program, plan, and schedule
- We analyze the information security policy and the internal legal acts (policies, procedures, etc.) regulating the implementation of the ISMS, as well as the results of ISMS processes
- During interviews with responsible persons, we evaluate the actual implementation of ISMS and control measures and identify non-compliances
- We prepare an ISMS internal audit report and a plan for eliminating identified non-compliances, and present the results to the responsible persons
- Prepared for ISMS internal audit. The ISMS internal audit program, plan, and schedule were prepared and implemented.
- The ISMS internal audit was performed. The information security policy, the internal legal acts (policies, procedures, etc.) regulating its implementation and that of the ISMS, as well as the results of ISMS processes, were analyzed. The actual implementation of ISMS and control measures was assessed, and non-conformances were identified.
- Prepared ISMS internal audit report and non-conformance elimination plan. The ISMS internal audit report and the plan for eliminating identified non-conformances were prepared, and the results were presented to the responsible persons.
- ISMS effectiveness was evaluated, and ISMS processes that need to be improved were identified
- The effectiveness of information and cyber security control measures was evaluated
- Adequately prepared for certification, maintenance audits and recertification