ISO 27001 Annex: A.12.7 Information Systems Audit Considerations

Its objective is to minimize the impact of audit activities on operating systems.

A.12.7.1 Information Systems Audit Controls

Control – The audit criteria and activities related to operating system verification should be carefully prepared and decided in order to reduce business process disturbance.

Implementation Guidance – The following guidance should be followed:

- audit standards for access to systems and data should be negotiated with appropriate management;
- the scope of the technical audit tests should be agreed and controlled;
- audit processing should be restricted to read-only access to applications and data;
- access other than read-only should only be permitted for isolated copies of system files, which should be deleted when the audit is completed, or provided with adequate security where such files are needed to be held in accordance with the docume...