Download ISO 27001 / ISO 17799 Audit Questions and Checklist

Below are sample questions that you can find in the ISO7799 Audit Questions and Checklist. The Excel list can also be downloaded below.

  • Whether there exists an Information security policy, which is approved by the management, published and communicated as appropriate to all employees.
  • Whether it states the management commitment and sets out the organisational approach to managing information security.
  • Whether the Security policy has an owner, who is responsible for its maintenance and review according to a defined review process.
  • Whether the process ensures that a review takes place in response to any changes affecting the basis of the original assessment, for example: significant security incidents, new vulnerabilities or changes to organisational or technical infrastructure.
  • Whether there is a management forum to ensure there is a clear direction and visible management support for security initiatives within the organisation.
  • Whether there is a cross-functional forum of management representatives from relevant parts of the organisation to coordinate the implementation of information security controls.
  • Whether responsibilities for the protection of individual assets and for carrying out specific security processes are clearly defined.
  • Whether there is a management authorisation process in place for any new information processing facility. This should include all new facilities such as hardware and software.
  • Whether specialist information security advice is obtained where appropriate.

Download All question checklist

Free Download

Attachment                  Size
ISO7799auditquestion.xls    81.5 KB
