Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Audit and Risk Management

  Quote
Guest
Guest user Created:   Oct 07, 2020 Last commented:   Oct 07, 2020

Audit and Risk Management

I'm in the process of an audit for license and patch management for an internal audit...Which documentation is needed for such audit process?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 07, 2020

I'm assuming you are auditing considering ISO 27001.
 
Considering that, first you need to consult the Statement of Applicability, to identify which controls are related to license and patch management (e.g., A.11.2.7 Secure disposal or reuse of equipment, A.12.5.1 Installation of software on operational systems, and A.12.6.1 Management of technical vulnerabilities), and how these controls are implemented.
 
Based on that you can build a checklist with documents and records you need to look for.  

This article will provide you a further explanation about developing an internal audit checklist:

These materials will also help you regarding internal audit:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 07, 2020

Oct 07, 2020