Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 282: | Line 282: | ||
:3. plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit programme(s) shall take into consideration the importance of the processes concerned and the results of previous audits; | :3. plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit programme(s) shall take into consideration the importance of the processes concerned and the results of previous audits; | ||
:4. define the audit criteria and scope for each audit; | :4. define the audit criteria and scope for each audit; | ||
:5. select auditors and conduct audits that ensure objectivity and the impartiality of the audit process; | :5. select auditors and conduct audits that ensure objectivity and the impartiality of the audit process; | ||
:6. ensure that the results of the audits are reported to relevant management; and | :6. ensure that the results of the audits are reported to relevant management; and | ||
:7. retain documented information as evidence of the audit programme(s) and the audit results. | :7. retain documented information as evidence of the audit programme(s) and the audit results. | ||