License management Auditing

Please note that ISO 27001 does not approach specifics about processes and technologies. It only defines requirements for information security management and information security objectives to be achieved.

Considering that "License management" involves the control and documentation of the software products your business uses, and where and how they are used, you should consider at least auditing these controls:

• A.8.1.1 Inventory of assets
• A.8.1.3 Acceptable use of assets
• A.12.5.1 Installation of software on operational systems
• A.12.6.2 Restrictions on software installation
• A.18.1.1 Identification of applicable legislation and contractual requirements
• A.18.1.2 Intellectual property rights

This article will provide you a further explanation about developing an audit checklist:

• How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding performing an audit:

• ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
• Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/