ISACA launches security audit programs for BYOD, data privacy and outsourcing

The BYOD Audit/Assurance Program helps auditors provide management with an assessment of BYOD policies and procedures, identify internal control and regulatory deficiencies and identify information security control concerns that could affect the reliability, accuracy and security of enterprise data.

The Personally Identifiable Information (PII) Audit/Assurance Program, meanwhile, assesses PII policies and procedures. It also focuses on private data and storage locations, including the deployment and effectiveness of an organization-wide data classification scheme, policies and procedures relating to action needed after a breach of PII confidentiality, and training employees in handling and processing PII and data privacy.

And, finally, the Outsourced IT Environments Audit/Assurance Program gives auditors an independent assessment of the IT outsourcing process. It includes checking for compliance with outsourcing contracts, accuracy of billing and successful remediation of any issues identified during the execution of business processes.

It also helps auditors evaluate internal controls affecting business processes related to outsourcing, and permits the audit/assurance professional to place audit reliance on the data and operational processes performed by the supplier on behalf of the customer.

“ISACA’s audit programs can be used by auditors worldwide as a road map for specific assurance processes,” said Greg Grocholski, international president of ISACA and global business finance director for the ventures and business development unit within the Dow Chemical Company. “They can be customized by IT auditors in any type of environment to help them conduct effective reviews that will help ensure trust and value in the enterprise’s information systems.”

The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF), and align with the COBIT business framework for governance and management of IT. They have been developed by experienced assurance professionals and are peer reviewed.

Other ISACA audit programs cover cybercrime, social media, crisis management, change management and cloud computing. The audit/assurance programs are free for ISACA members and can be downloaded as Word documents.
