Template content
Assign topic to the user
so I can update that document accordingly as we got a NC for this during an audit?
Answer: Control A.18.2.3 (Technical compliance review) requires regular review of organization's compliance with information security policies and standards, so this control can be covered by the Internal Audit procedure template. You should also consider review the documents from the toolkit that you implemented that regulate technology issues (e.g., Policy on the Use of Cryptographic Controls), because responsibilities defined on them may cover some degree of compliance review.
It is important to note that there is no need to create a new document to cover this control, rather it is much better if you cover this control with existing documents from the toolkit.
Comment as guest or Sign in
Apr 18, 2018