License management Auditing
Could you possibly point me in the right direction in ISO 27001 where I can find information about License management Auditing?
Assign topic to the user
Please note that ISO 27001 does not approach specifics about processes and technologies. It only defines requirements for information security management and information security objectives to be achieved.
Considering that "License management" involves the control and documentation of the software products your business uses, and where and how they are used, you should consider at least auditing these controls:
- A.8.1.1 Inventory of assets
- A.8.1.3 Acceptable use of assets
- A.12.5.1 Installation of software on operational systems
- A.12.6.2 Restrictions on software installation
- A.18.1.1 Identification of applicable legislation and contractual requirements
- A.18.1.2 Intellectual property rights
This article will provide you a further explanation about developing an audit checklist:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding performing an audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Sep 24, 2020