Day 1 Scope / Activity To Be Assessed Auditor / Team

Approx. Member(s)
Time Involved
09:00 - 09:30 Opening Meeting

09:30 – 11:30 Establishing And Managing The ISMS – Clause 4

- Scope and Boundaries
- Asset register – A.8
- Risk Management – Clause 6

11:30 – 12:30 Documentation Requirements clause 7.5

12:30 – 1:00 Control A.6 Organization of Information Security

1:00 - 2:00 LUNCH

2:00 – 3:00 Physical And Environmental Security A.9
Cryptography A10

3:00 – 3:30 Secure Areas A 11

Equipment

3:30 – 4:30 System Acquisition A 14

Supplier Relationship A 15
4:30 – 5:00 Communication Security A.13.
DAY – 2 Arrival at site
09:00
9:00 – 10:00 Management Responsibility Clause 5.
Policy and it’s communication – A.5
10:00 – 10:30 Control A.7 Human Resource Security

10:30 – 12:00 Roles and Responsibilities – Clause 7

Provision of Resources – Clause 7.1
Training awareness and competency – Clause 7.2
& Clause 7.3
12:00 – 01:00 Operational Security – Clause 8 and control A 12
Procedure and responsibility
Malware
 Backup
Logging & Monitoring

01:00 – 02:00 LUNCH

02:00 – 03:00 Operational Software
Vulnerability Management
IS Audits
Non-conformance & corrective actions and
improvements – Clause 10
03:00 – 04:00 Incident Management A 16
04:00 – 05:00 Business Continuity A 17
Compliance A 18
5:00 - 5:30 Review of audit findings & discussion with the FM
management – Clause 9

05:30 – 06:00 Closing Meeting FM