
EM-08 Information Security Function

>Control Description

Quarterly, the Chief Security Officer meets with the Audit Committee to review key Information Security issues. Results of continuous monitoring activities and current security compliance status are presented to the Audit Committee and the Board of Directors.

Theme

Process

Type

Preventive

Policy/Standard

Information Systems Operations Policy

>Implementation Guidance

1. Ensure the Audit Committee reviews information security issues at least quarterly, and document the issues identified along with the plan of action for risk remediation.
2. Ensure minutes of meetings are documented, stating the compliance status.
3. Ensure results of continuous compliance activities and current compliance status are reported to the Audit Committee and the Board of Directors in the form of PowerPoints, documents, etc.

>Testing Procedure

1. Validate whether information security issues are reviewed at least quarterly by the Audit Committee, along with remediation plans.
2. Inspect minutes of the Audit Committee meeting with the Chief Security Officer to ensure that security compliance status, along with the continuous monitoring of the action plan, is discussed.

>Audit Artifacts

E-EM-15

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
