Guest
10.1.2 Key management
I wanted to ask how I can check annex 10.1.2 Key management during the internal audit session what's needed to be satisfied these requirements.
Assign topic to the user
Expert
Rhand Leal
Oct 05, 2021
To audit control 10.1.2 Key management you need to identify the defined requirements for generating, storing, archiving, retrieving, distributing, retiring, and destroying keys. Once these are identified you can start verifying if the implemented processes are being performed according to the requirements.
Examples of evidence are:
- requests for key generation
- records of key delivery to users
- records of key revocation
This article will provide you further explanation about key management:
- How to use the cryptography according to ISO 27001 control A.10 https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/
Comment as guest or Sign in
Oct 05, 2021
Oct 05, 2021
Oct 05, 2021