IT Security Audits Procedure | ITSD107

ITSD107 IT Security Audits Procedure

The IT Security Audits Procedure ensures your company’s IT security system performs as expected by conforming to legal, regulatory and your own requirements.

The IT Security Audits Procedure also ensures that the system is effectively implemented and maintained. The security audit procedure applies to all IT systems and assets. (12 pages, 1572 words)

Your company should conduct internal audits of its security management system at planned intervals (annually, at a minimum) to determine if its control objectives, controls, processes, and procedures conform to legal/regulatory and company information security requirements; are effectively implemented and maintained; and perform as expected.

IT Security Audits Responsibilities:

Information Technology Managers are responsible for attending opening and closing meetings regarding the Information Technology Security audit, reviewing audit findings, and for final approval of the audit report.

The Audit Team Leader is responsible for conducting and supervising the Information Technology Security audit; supervising audit team members, if any; conducting opening and closing meetings for the audit; and preparing and presenting the final audit report.

The Information Technology Security Manager is responsible for reviewing findings of the Information Technology Security audit and overseeing corrective actions, if any.

Information Technology staff are responsible for complying with the Information Technology Security audit while in process and providing assistance to the security auditor, when needed.

IT Security Audits Definitions:

Audit criteria – Policies, practices, procedures, or requirements against which the auditor compares collected audit evidence about the subject matter.

Audit evidence – Records, statements of fact, and other information that are relevant to the audit criteria and verifiable.

Auditee – Party or parties whose processes, procedures, etc., are the subject of an audit.

Security audit – An examination of a computer system for security problems and vulnerabilities.

IT Security Audits Procedure Activities

  • IT Security Audit Planning
  • IT Security Audit Plan
  • IT Security Audit Review
  • IT Security Audit-Corrective Action

IT Security Audits Procedure References

  • ISO/IEC 27001:2013 - Information Security Management Systems - Specification with Guidance for Use
  • ISO 19011:2011 - Guidelines for Quality and/or Environmental Management Systems Auditing

IT Security Audits Procedure Forms


This item is included in the following item(s):

Easily develop your Computer & IT Policies and Procedures Manual to standardize your IT Operations with editable MS-Word templates. Use best practices for IT vendor management, IT security, IT assets, software development, and administration. Download your IT policy manual now.

Download the IT Security Policies and Procedures Manual to help provide a safe, secure computer, IT, and network environment to serve the company’s customers’ requirements and ensure stability and continuity of the business.
