Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence.
Audit management process security should include:
- Secure role-based access and authorization and secure communication and storage.
- Controls to protect audit data confidentiality, integrity, and availability.
- Periodic reporting, including issues and remediation plans per organizational requirements.
- Examine policy related to the establishment and conduct of audits.
- Determine if audit programs are established and aligned to the requirements of the organization, including the audit charter.
- Determine if the organization upholds the independence of the audit program.
- Determine if the conduct of audits is defined, approved at the appropriate level, and reviewed for effectiveness.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.