Guideline for IS Audits

The Guideline for IS Audits provides a detailed explanation of the status of the IS audit within the security process and of its associated tasks. It shows how an institution can establish IS auditing within its own organisation and which activities this entails, such as the preparation of a multi-year audit plan.

For IS auditors, this document is a practical guide to action that contains specific instructions and information for conducting an IS audit and preparing the audit report. In addition, the guideline can be used as a basis for invitations to tender for IS audits.

Standardising the procedure for an IS audit ensures a consistently high quality. Furthermore, the introduction of this procedure makes it possible to determine the information security status of an audited institution in a standardised manner and to track its development over the long term.

The Guideline for IS Audits offers concrete support for action in different areas, including:

  • What should be considered when embedding the IS audit in the organisational structure of your own organisation and what are the responsibilities?
  • What is the concrete procedure for an IS audit and what are the audit techniques/assessments?
  • What are the reporting obligations and how can the results of an IS audit be meaningfully fed back into the ISMS?
  • How do I set up an internal audit team and what are the requirements for the auditors' qualifications?
  • What needs to be considered when tendering an IS audit to an external service provider?


Leitfaden IS-Revision V4.0