Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?

Project 3 – IT Security Audit Policy & Plans

Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company’s Policy System

Audit Plan for assessing employee awareness of and compliance with IT security policies

Are employees aware of the IT security policies in the Employee Handbook?

Do employees know their responsibilities under those policies?

Audit Plan for assessing the IT security policy system

Do required policies exist?

Have they been updated within the past year?

Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?