Limited-time offer
Lock in 2024 prices now for ISO 27001 toolkits, course exams, and software!
This offer is valid until December 19, 2024.

Expert Advice Community

Guest

Audit checklist points

  Quote
Guest
Guest user Created:   Mar 25, 2020 Last commented:   Mar 25, 2020

Audit checklist points

I am looking for audit checklist points which can be done remotely while user is on work from home

0 0

Assign topic to the user

ISO 27001 INTERNAL AUDIT CHECKLIST

List of questions to ask during the ISO 27001 audit.

ISO 27001 INTERNAL AUDIT CHECKLIST

List of questions to ask during the ISO 27001 audit.

Expert
Rhand Leal Mar 25, 2020

Considering ISO 27001, please note that the activities users can perform remotely from home is based primarily on the management decision/business need, while the safeguards are determined according to the results of the risk assessment - the audit checklist must take all of these into account.

Normally you should consider at least these points for an audit checklist:
- who may telework (e.g., IT staff, sellers, managers on travel, etc.)
- which services are available for teleworkers (e.g., development environment, invoicing systems, etc.)
- which information can be accessed through telework (e.g., performance dashboards, list of customers, etc.); for more information, see: Information classification according to ISO 27001.
- which access controls shall be applied before access to information and resources is granted (e.g., password, two-factor authentication, use of VPN on communication channels, etc.); for more information, see: How to manage the security of network services according to ISO 27001 A.13.1.2.
- how devices and remote sites should be configured, protected, and used (e.g., devices with cryptography, no use of shared rooms to work, information backup, etc.)

These articles will provide you further explanation about developing this checklist:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- How to apply information security controls in teleworking according to ISO 27001 https://advisera.com/27001academy/blog/2021/10/27/how-to-use-iso-27001-to-secure-data-when-working-remotely/
- What to include in an ISO 27001 remote access policy https://advisera.com/27001academy/blog/2019/04/23/iso-27001-remote-access-policy-how-to-develop-it/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 25, 2020

Mar 25, 2020

Suggested Topics