11
|
Compliance (CC-21000, semi-annual audit)
- A company shall regularly (at least annually) carry out an information security audit (either internally or outsourced to a professional institution) and keep an audit log.
- Whether the company monitors improvements made in response to the aforementioned information security audits (including audit summaries, scope of audits, descriptions of deficiencies, and recommendations for improvement).
|