Audit and Risk Management
I'm in the process of an audit for license and patch management for an internal audit... Which documentation is needed for such an audit process?
I'm assuming you are auditing considering ISO 27001.
Considering that, first you need to consult the Statement of Applicability, to identify which controls are related to license and patch management (e.g., A.11.2.7 Secure disposal or reuse of equipment, A.12.5.1 Installation of software on operational systems, and A.12.6.1 Management of technical vulnerabilities), and how these controls are implemented.
Based on that, you can build a checklist with the documents and records you need to look for.
This article will provide you with a further explanation about developing an internal audit checklist:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Oct 07, 2020