COM-03—Internal audits of the information security management system
>Control Description
Subject matter experts check the compliance of the information security management system at regular intervals, at least annually, with the relevant and applicable legal, regulatory, self-imposed or contractual requirements (cf. COM-01) as well as compliance with the policies and instructions (cf. SP-01) within their scope of responsibility (cf. OIS-01) through internal audits (cf. § 9.2 of ISO/IEC 27001).
Identified vulnerabilities and deviations are subject to risk assessment in accordance with the risk management procedure (cf. OIS-06) and follow-up measures are defined and tracked (cf. OPS-18).
Additional criteria: Internal audits are supplemented by procedures to automatically monitor applicable requirements of policies and instructions with regard to the following aspects:
• Configuration of system components to provide the cloud service within the Cloud Service Provider's area of responsibility;
• Performance and availability of these system components;
• Response time to malfunctions and security incidents;
• Recovery time (time to completion of error handling);
Identified vulnerabilities and deviations are automatically reported to the appropriate Cloud Service Provider’s subject matter experts for immediate assessment and action.
Cloud customers can view compliance with selected contractual requirements in real time.