Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Audit and Risk Management

  Quote
Guest
Guest user Created:   Oct 07, 2020 Last commented:   Oct 07, 2020

Audit and Risk Management

I'm in the process of an audit for license and patch management for an internal audit...Which documentation is needed for such audit process?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 07, 2020

I'm assuming you are auditing considering ISO 27001.
 
Considering that, first you need to consult the Statement of Applicability, to identify which controls are related to license and patch management (e.g., A.11.2.7 Secure disposal or reuse of equipment, A.12.5.1 Installation of software on operational systems, and A.12.6.1 Management of technical vulnerabilities), and how these controls are implemented.
 
Based on that you can build a checklist with documents and records you need to look for.  

This article will provide you a further explanation about developing an internal audit checklist:

These materials will also help you regarding internal audit:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 07, 2020

Oct 07, 2020

Suggested Topics