Information Security Policy
The first thing you have to consider is the identification of the requirements this Information Security Policy must comply with (e.g., laws, contracts, standards, etc.). Then, based on these requirements, you can plan what to look for as evidence that this policy is implemented and being followed.
I suggest you take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
This toolkit has four documents (Internal Audit Checklist, Procedure for Internal Audit, Annual Internal Audit Program, and Internal Audit Report) that can help you perform an internal audit considering ISO 27001, the leading ISO standard for information security, in an easy and efficient way.
These articles will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/
Nov 19, 2017