EXPERT RESPONSE
In general, good companies do the following:
- Assess the organization's needs
- Develop policies to meet these needs
- Implement these policies
- Train the employees accordingly
- Perform an audit to ensure the above items are in compliance.
The methodology used by the auditor can vary depending on the scope and requirements of the audit. In addition, many auditors are also now certified by the Information Systems Audit and Control Association, or ISACA, which is a great organization.