Answer yes if your organisation engages a third party to conduct an annual information security review, the findings are assessed by your organisation and acted upon if necessary. If yes, please add the date of your last review to the notes.
An annual security review conducted by an external and independent third party helps to ensure that your implemented security controls are effective in mitigating you company’s security risks.
The length and depth of a security review will typically be scoped out by the independent third party and will help you to understand any gaps in your security and risk management controls.
Most information security consulting firms will offer an information security review that will look at the security risks your company is exposed to and map them to implemented security controls, highlighting any gaps.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.
Please do not submit your answer on the knowledge base.