NTask IA T 012 Internal Audit Checklist
6.1.5 Information security in project management
7.1.1 Screening
Results
I identify goals aligned with the organization's strategic direction, and achieve results.
Initiative
I anticipate needs, engage in problem-solving, and take action without explicit instructions.
I take initiative to discover new work challenges, and influence events leading to the organization's success.
Development
I demonstrate a commitment to the improvement of my knowledge and skills.
Growth
I am proactive in identifying areas for self-development, and other areas for growing my skills.
Please provide us with any additional thoughts or details related to the self-assessment of your skills.
Verify policy implementation by tracing links back to the policy statement. Check policy review/revisions. Determine how the policy is com
Evidence of compliance?
Roles and responsibilities defined?
Segregation of duties defined?
Verification body / authority contacted for compliance verification? ✘
Evidence of information security in project management? ✘
resource security
employment
employment?
2 How is it defined?
3 Is it reasonable?
5. Leadership
5.1 Leadership and Commitment
1 Who is defined as top management within the scope of the ISMS?
2 How does top management demonstrate leadership and commitment?
5.2 Policy
1 Can I review the information security policy?
6. Planning
6.1 Actions to address risks and opportunities
1 Is there a documented risk assessment process?
7. Support
7.1 Resources
1 How are the resources needed for the ISMS determined?
7.2 Competence
1 Have the necessary competences been determined?
7.3 Awareness
7.4 Communication
1 How has the need for communication been established?
8. Operation
8.1 Operational planning and control
1 What plans are available to review?
2 How is it updated?
9. Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
1 How is it determined what should be monitored and measured?
2 Can I review evidence of monitoring and measurement?
10. Improvement
10.1 Nonconformity and corrective action
1 How are nonconformities identified?
A8 Asset Management
8.1 Responsibility for assets
A9 Access Control
9.1 Business requirements of access control
A10 Cryptography
10.1 Cryptographic controls
1 Is there a policy on the use of cryptographic controls?
A12 Operations Security
12.1 Operational procedures and responsibilities
1 To what extent are operating procedures documented?
12.3 Backup
A13 Communications Security
13.1 Network security management
A15 Supplier Relationships
A18 Compliance
18.1 Compliance with legal and contractual requirements