ORGANIZATIONAL AUDIT
CYBER
The purpose of this audit is to verify the safety organization of the company based on the ISO 27001 standard.
The following points will be audited:
Information Security Policy;
Organization of information security;
Human resource security;
Asset management;
Access control ;
Cryptography;
Physical and environmental security;
Materials;
Operational security;
Communications security;
Acquisition, development and maintenance of IS;
Relationship with suppliers;
Information security incident management;
Business continuity management;
Conformity.
Supplement for an HDS audit "Health Data Hosting:
Supplement based on the requirements of the HDS certification reference system:
ISO 27001 standard "information systems security management system"
ISO 20000 standard. “service quality management system”
Requirements relating to the protection of personal health data
Additional requirements specific to HDS certification
1
Procedure
As deliverable, you will have an audit file including our diagnosis on the maturity of your organization in the form of SWOT (internal or external strengths and weaknesses).
The report also contains our associated recommendations in the form of "Quickwin" action plans, within 6 months, within a year.
A typical audit process is as follows:
Week n-1: Consideration of the environment (retrieval of documentation and analysis)
Week n: Audit day(s) with two consultants (for interviews with the various key players in the company)
Week n+1: Submission of the audit report and presentation
2
Prerequisites
Interlocutors who know their IS well (IT project manager) and the business (MOA project manager or business representative)