Expert Advice Community

Home / ISO 27001 & 22301 / 10.1.2 Key management

Guest

10.1.2 Key management

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Oct 05, 2021 Last commented:   Oct 05, 2021

10.1.2 Key management

ISO 27001 & 22301
I wanted to ask how I can check annex 10.1.2 Key management during the internal audit session what's needed to be satisfied these requirements.
0 0

Assign topic to the user

ISO 27001 INTERNAL AUDITOR COURSE

Everything you need to perform the internal audit for the first time.

ISO 27001 INTERNAL AUDITOR COURSE

Everything you need to perform the internal audit for the first time.
Expert
Rhand Leal Oct 05, 2021

To audit control 10.1.2 Key management you need to identify the defined requirements for generating, storing, archiving, retrieving, distributing, retiring, and destroying keys. Once these are identified you can start verifying if the implemented processes are being performed according to the requirements.

Examples of evidence are:

  • requests for key generation
  • records of key delivery to users
  • records of key revocation

This article will provide you further explanation about key management:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 05, 2021

Oct 05, 2021

Suggested Topics
Guest user Created:   Jan 24, 2020 ISO 27001 & 22301
Replies: 1
0 0

Applicability of A.10.1 Cryptographic Controls
Guest user Created:   Mar 28, 2019 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 for datacenters