Guest
How to record measurements against ISMS Metrics
Hello,
I would like to know how is the measurement against the defined ISMS metrics shown to the auditor.
For e.g. if the metric says "how many number of systems exist with outdated patching level out of all the systems".
Does the evidence have to be shown to the auditor by way of a form ? Does each ISMS Metric need a form to be submitted as an evidence of measurement taken.
Regards.
Assign topic to the user
You should show it in any way that is convenient for you - for example, if you have a software that automatically creates reports or dashboards, then you can show the results to the auditor in that way.
On the other hand, if you prepare some more complex results manually, than you can use some form or a report (for more complex measurements).
In other words, every ISMS measurement must be documented, but not every ISMS measurement must be written in some form.
Comment as guest or Sign in
Jan 13, 2016
Jan 13, 2016
Jan 13, 2016