How often should the security controls be check-listed?
Answer:
You can check your list of controls as many times as you like in 1 year, but as a minimal you can check this list once a year in the Internal Audit. To perform this check, you can use the Statement of Applicability, because it contains the applicability of all controls.
By the way, if you need information about how to make an Internal Audit, this article can be interesting for you How to make an Internal Audit checklist for ISO 27001 / ISO 22301 : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Comment as guest or Sign in
Jan 12, 2016