Audit activities are a major diagnostic tool for security management and act as feedback to provide information on the state of the organization's cyber security system and its ongoing processes. Audits represent an independent source of information and cover all business processes that make up the organization's security system.

Audits of security systems represent a systematic and independent examination of the level of security to determine whether the security activity and related results are in line with the planned objectives and whether these are implemented effectively and are suitable for achieving the objectives. On the basis of the information provided by the audits, security management must take the necessary measures to improve the cyber security system.

The primary objective of any audit must be to find out facts, not errors.

  • Nonconformity management
  • Nonconformity removal plans
  • Duties and responsibilities
  • Parameters of meeting objectives and their link to audit findings
  • Verification of measures in place

ISO-audit