[Insert Classification]
Recommended Questions
Audit Findings
Evidence Reviewed
A16. Information security incident management 1. Is there an information security incident procedure? 2. Are responsibilities for incident management understood? 3. How are information security events and weaknesses reported? 4. How is the decision about whether to classify an event as an incident made? 5. Review how some of the most recent incidents were responded to. 6. How is knowledge gained from incidents re-used? 7. Are procedures in place to ensure that potential evidence is protected? A17. Information security aspects of business continuity management 1. Are information security requirements in the event of a disaster understood? 2. Do business continuity procedures provide for the required level of information security? 3. Are the procedures tested at regular intervals? 4. Are availability requirements identified and is sufficient redundancy in place to
Page 19 of 21
ISMS-FORM-09-4