A.15.3 Information systems audit considerations

Objective: To maximize the effectiveness of and to minimize interference to/from the information systems audit process.

A.15.3.1 Information systems audit controls

Control

Audit requirements and activities involving checks on operational systems shall be carefully planned and agreed to minimize the risk of disruptions to business processes.

A.15.3.2 Protection of information systems audit tools

Control

Access to information systems audit tools shall be protected to prevent any possible misuse or compromise.

Lumension Risk Manager provides a comprehensive view across hundreds of global regulations, mandates and internal policies improving the efficiency of controls and reducing risk. 

Lumension Risk Manager provides the capabilities to:

• Align business interests (sales and manufacturing processes, etc.) with IT assets (servers, workstations, applications, etc.), compliance regulations and control frameworks
• Define and model unique risk profiles across your IT assets
• Automate the gathering of compliance and IT risk assessment asset data through integration with Lumension and third party tools (i.e. vulnerability scanners, etc.)
• Benchmark risk assessments against IT control frameworks
• Report on risk,, compliance and remediation metrics across an entire regulation or internal mandate
• Prioritize potential risk by correlating IT assets to critical business processes