Project 3 – IT Security Audit Policy & Plans
Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company’s Policy System
Audit Plan for assessing employee awareness of and compliance with IT security policies
Are employees aware of the IT security policies in the Employee Handbook?
Do employees know their responsibilities under those policies?
Audit Plan for assessing the IT security policy system
Do required policies exist?
Have they been updated within the past year?
Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?