
RM-07 ISMS Internal Audit Requirements

>Control Description

Internal audit establishes and executes a plan to evaluate applicable controls in the Information Security Management System (ISMS) at least once every 3 years.

Theme

Process

Type

Detective

Policy/Standard

Risk Management Standard

>Implementation Guidance

1. Ensure that the organization possesses an audit program document that enumerates the particular controls slated for testing within its Information Security Management System (ISMS).
2. Ensure that the outcomes of internal audit for ISMS controls are reviewed on a periodic basis.

>Testing Procedure

1. Inspect the audit program document that lists the specific controls to be tested in the ISMS.
2. Inspect the results of the internal audit of ISMS controls and note the cadence of such audits.

>Audit Artifacts

E-RM-12
E-RM-13
E-RM-11

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
