[Insert Classification]
Recommended Questions
Audit Findings
Evidence Reviewed
1. What is the scope of the ISMS?
2. How is it defined?
3. Is it reasonable?
4. Does it consider the relevant issues and requirements?
5. Does it consider how the organization interacts with other organizations?
6. Is the scope documented?

4.4 Information security management system
1. How established is the ISMS?
2. How long has it been running for?
3. How much evidence has been collected so far, e.g. records?

5. Leadership

5.1 Leadership and Commitment
1. Who is defined as top management within the scope of the ISMS?
2. How does top management demonstrate leadership and commitment?
3. Are information security policies and objectives established?
4. Are enough resources allocated to the ISMS?
5. How does top management communicate to everyone involved in the ISMS?
ISMS-FORM-09-4