The InfoSec Blog

Audit Frequency

Posted by Anton Aylward

In one of the forums I subscribe to the question came up "How often should one carry out an internal audit?"  There were variations on this to do with external  audits as well.   Lets suppose you aren't one of the relicrant types that take the attitude that audits aren't necessary or that an audit - or a risk analysis for that mater - needs to be done just the once.

How often?  Yearly?  Ever Six Months?  Every Month?

Maybe. maybe not.
If you are one of a certain set of classes of organizations there are rules that mandate when you get audited. For example, if you process credit cards then the PCI:DSS rules apply to you.

If you are a bank, you should check for Basel II and FFIEC regulations.

And so forth.

Tagged as: , , , , Continue reading
   

Availability

I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity

Popular Pages

Categories

Archives

Calendar of Posts

September 2017
M T W T F S S
« Nov    
 123
45678910
11121314151617
18192021222324
252627282930  

Meta

Security Links