Compliance and Auditing Policy

The Compliance and Auditing Policy defines the approach to be taken to ensure the Company is compliant with legal, statutory, regulatory and contractual obligations related to information security, and with any security requirements, standards and internal policies, guidelines and processes mandated by the Company.

The scope and statements within this policy shall also apply to all personal data processed by the Company. “Processing” in this context means any operation concerning personal data throughout the information lifecycle; this includes but is not limited to personal data collected, stored, viewed, transferred, analyzed or communicated in hard copy, oral or electronic form.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. IDENTIFICATION AND COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS
3.1 COMPLIANCE WITH LEGAL, REGULATORY AND CONTRACTUAL INFORMATION SECURITY AND DATA PRIVACY REQUIREMENTS
3.2 INTELLECTUAL PROPERTY RIGHTS
3.3 PROTECTION OF RECORDS
3.4 PRIVACY AND PROTECTION OF PERSONAL DATA
3.5 PREVENTION OF MISUSE OF INFORMATION PROCESSING FACILITIES
3.6 REGULATION OF CRYPTOGRAPHIC CONTROLS
4. INFORMATION SECURITY OPERATIONAL RISK MANAGEMENT
5. INFORMATION SECURITY REVIEWS
5.1 MANAGEMENT REVIEW OF THE INFORMATION SECURITY MANAGEMENT SYSTEM
5.2 INDEPENDENT REVIEW OF INFORMATION SECURITY
5.3 COMPLIANCE WITH SECURITY POLICIES AND STANDARDS
5.4 TECHNICAL COMPLIANCE REVIEW
6. INFORMATION SYSTEMS AUDIT CONSIDERATIONS
6.1 INFORMATION SYSTEMS AUDIT CONTROLS
6.2 PROTECTION OF INFORMATION SYSTEMS AUDIT TOOLS
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION

Pages: 12

Related Products:

This bundle contains all the products listed in the Risk Management section. Take advantage of the 25% OFF when buying the bundle!

The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography. Cryptographic controls […]

The objective of the Network Security Policy is to ensure the security of data transfers across the Company’s networks and that an adequate level of security exists to protect the network infrastructure.