
Operating Procedures for information and communication technology

Guest post. Created: Jan 12, 2016. Last commented: Jan 12, 2016


Hi Dejan,

Under your toolkit, in the "Operating Procedures for information and communication technology", point number 4, "Managing records based on this document", states: "Reports and records related to monitoring and auditing suppliers/partners - electronic and paper form".

I'm confused as to who we are supposed to audit and how we are supposed to audit them?

Thanks
DejanK Jan 12, 2016

Sean,

The procedure for auditing of suppliers and outsourcing partners is outlined in section 3.2 of "Operating procedures for information and communication technology" - basically, this auditing should be performed only if those suppliers or outsourcing partners create great risks for your company. E.g. if you are a bank, and a software company develops your core transaction application, then certainly you want to make sure they safeguard the security of your information.

To be able to perform the audits, you have to include such a clause in the contract with the supplier/partner - you have an example of such a clause in a document called "Security clauses for suppliers and partners". So, once you are authorized to perform an audit, you can do it either on-site (by visiting them) or off-site (they send you the documentation and other evidence by email).

You can perform the audit yourself, or you can hire a professional auditor to perform the job - in any case, the goal of such an audit is to determine whether the supplier/partner complies with all the security requirements you have stated in your contract.

The audit is normally performed once a year, or once in three years. 

Dejan
