The audit team leader should prepare for onsite audit activity by preparing the IT Security Audit Plan Template and assigning tasks to members of the audit team. ITSD107-3 IT SECURITY AUDIT PLAN should cover audit objectives, audit criteria, audit scope, estimated duration, and more. Audit team members should prepare work documents, such as audit checklists, sampling plans, and forms for recording information (minutes of meetings, supporting evidence, audit findings, etc.).
The audit team should conduct the onsite audit, which should consist of:
The audit team leader should conduct a closing meeting to formally present the audit team’s findings and conclusions, to verify the understanding and obtain the acknowledgement of the Information Technology Security Manager, and, if nonconformities are found, to agree on a timeframe for the Information Technology Security Manager to present a corrective and preventive action plan.