Topics about Security Assurance
Read more about Assurance at ISACA.
“The lowest level of assurance is realized by performing self-assessments. The second level of assurance is realized by third-party statements and the third level of assurance is realized by continuous auditing.
There are several measures that can be used to assess a supplier’s environment:
Certification of global standards and frameworks such as ISO 27001, Uptime TIER, TIA-942, and the Payment Card Industry Data Security Standard (PCI DSS)
Self-assessment questionnaires for the supplier, based on standards and frameworks such as ISO 27001, Trust Service Principles and CSA
Type II third-party reports that test the operation of measures periodically using robust standards or frameworks such as ISAE 3402/SSAE16 and SOC reports
Continuous monitoring of measures where there is continuous insight into the functioning of an organization’s control environment and security measures”