01) Does your organisation conduct an annual independent information security review?
Written by Haydn Brooks
Created on May 19, 2019
Modified on February 25, 2020

Answer yes if your organisation conducts an annual information security review that is completed by an independent third party. Please add the date of your last review to the notes.

An annual security review conducted by an external and independent third party helps to ensure that your implemented security controls are effective in mitigating your company’s security risks.

The length and depth of a security review will typically be scoped out by the independent third party, and the review will help you to understand any gaps in your security and risk management controls.

How to implement the control:

Most information security consulting firms will complete an information security review that will look at the security risks your company is exposed to and map them to implemented security controls, highlighting any gaps.

We recommend Genium4.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.