Foundation for Audit Recording
Introduction
Providing demonstrable evidence is an important for an organization and its employees. This is required for instance for GDPR compliance and ISO 27001 certification.
A key challenge is what needs to be recorded. While there are pointers and even hard requirements in the GDPR and ISO 27001, from an auditor point of view the question is: how do you know you are complete, you don't miss something crucial.
Foundation for Audit Recording
Related Articles
Sign-in and Audit Logs
Introduction By default 30 day rolling sign-in and audit logs are created in order to trouble shoot, provide evidence, improve the quality of myDRE. Access to sign-in and audit logs The Access Control Policy (A.9.1.1) applies. Logs will not be shared ...
20230503 - Internal audit management summary
Internal ISO 27001 audits are a crucial part of the Information Security Management System (ISMS) implementation process. These audits are conducted by an organization's own internal auditors or a team of trained individuals to assess the ...
A.12.7.1 Information systems audit controls
Version: 3.0 Valid until: 2025-04-10 Classification: Low Version Management Version Author(s) Change(s) Date approved 1.0 Stefan van Aalst Edward Robinson Initiation document 2022-06-24 1.1 Edward Robinson Additions/changes as part of the periodic ...
20230606 - External control audit management summary
anDREa B.V. is continuously evaluating and improving its Information Security Management System (ISMS). As such anDREa is ISO 27001:2017 certified as of September 1st 2022. Each year, an external control audit is conducted on selected topics, with ...
20220713 Report Azure White Box Security Audit
Version: 2022-07-14 Introduction anDREa has a Pentest Program program as part of the commitment to protect the security of its business information. At least once a year we request an external party to do the pentest and a white box security audit. ...