Foundation for Audit Recording

Foundation for Audit Recording

Introduction

Providing demonstrable evidence is an important for an organization and its employees. This is required for instance for GDPR compliance and ISO 27001 certification.

A key challenge is what needs to be recorded. While there are pointers and even hard requirements in the GDPR and ISO 27001, from an auditor point of view the question is: how do you know you are complete, you don't miss something crucial.

Foundation for Audit Recording

anDREa answers this question with: we make use of Assessment Framework for Services. This is the basis for deciding what and why to record in the audit recording.

See for the definition of audit recording



    • Related Articles

    • 20240612 - External control audit management summary

    • Sign-in and Audit Logs

      Introduction By default 30 day rolling sign-in and audit logs are created in order to trouble shoot, provide evidence, improve the quality of myDRE. Access to sign-in and audit logs The Access Control Policy (A.9.1.1) applies. Logs will not be shared ...
    • 20230503 - Internal audit management summary

      Internal ISO 27001 audits are a crucial part of the Information Security Management System (ISMS) implementation process. These audits are conducted by an organization's own internal auditors or a team of trained individuals to assess the ...
    • A.12.7.1 Information systems audit controls

      Version: 3.0 Valid until: 2025-04-10 Classification: Low Version Management Version Author(s) Change(s) Date approved 1.0 Stefan van Aalst Edward Robinson Initiation document 2022-06-24 1.1 Edward Robinson Additions/changes as part of the periodic ...
    • 20230606 - External control audit management summary

      anDREa B.V. is continuously evaluating and improving its Information Security Management System (ISMS). As such anDREa is ISO 27001:2017 certified as of September 1st 2022. Each year, an external control audit is conducted on selected topics, with ...