Information Security Audit
www.riesgoriskmanagement.com
A walkthrough for Information Security Auditors on how Riesgo Risk Management can help them carry out an IS audit and acquire the information needed to support IS audit reports.
Operation overview
1. IS Auditor accounts (Internal, External); Audit calendar
2. Scheduling an Audit: Audit Target; Audit date proposal/confirmation; Riesgo RM IS Auditor
3. Audit details: Audit SOW; Audit standard
4. Audit evidence gathering; Audit non compliance; Access to Information Security Portfolio
5. Raise Audit non compliance; Notification of Departmental HOD
Auditor log on
Key accounts
External auditor account
Dates on which the External Auditor is expected
Scheduling an IS Audit
Audit calendar listing all audits, proposed and confirmed
Notification sent via email
Audit of the target & evidence gathering
The auditor will be able to view the Information Security portfolio of the target and gather evidence of compliance or non-compliance.
Audit evidence acquisition
• Organisation chart
• IS policy ownership & responsibility
• Partner register
• Asset register
• Incident register
• ISMS calendar
• SAR and FOI dashboard
The auditor will be able to capture evidence from the system and check activities historically.
Registration of non-compliance
The auditor will be able to raise a non-compliance against the related information security module. The business unit is notified of the non-compliance so that it can start resolving the issues.
Implementation & Contact details
• Implementation takes about 3 months to go live.
– The solution can be custom built and deployed within your network (intranet) or hosted on our secure server (extranet).
– Costs vary depending on the number of licenses and the scale of implementation.
• For more information please contact:
– Mateo Isabella
– London Knowledge Innovation Centre
– South Bank Technopark
– 90 London Road
– SE1 6LN
– 0207 592 9747