
01) Does your organisation conduct an annual independent information security review and act upon the findings?

August 31, 2022 Security Governance Independent Security Review

Answer yes if your organisation engages a third party to conduct an annual information security review, and the findings are assessed by your organisation and acted upon if necessary. If yes, please add the date of your last review to the notes.

An annual security review conducted by an external and independent third party helps to ensure that your implemented security controls are effective in mitigating your company’s security risks.

The length and depth of a security review will typically be scoped out by the independent third party and will help you to understand any gaps in your security and risk management controls.

How to implement the control:

Most information security consulting firms will offer an information security review that will look at the security risks your company is exposed to and map them to implemented security controls, highlighting any gaps.

We recommend Genium4.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
