INTELLILINK Information Security Audit Services
Evaluate the implementation status of
security management for information assets
It is important to understand the effectiveness of the information security measures of organization, and then review and improve them to improve the information security management level.
Based on the Information Security Audit Standards and Information Security Management Standards of the Ministry of Economy, Trade and Industry, INTELLILINK Information Security Audit Service evaluates whether security management measures for information assets are effectively implemented, identifies security problems and provides advice for improvement.
Necessity of Information Security Audit
- Many organizationals stick to individual measures
- Directing improvements is difficult
- Unaware of the benefits gained from conducting the audit
- Absence of information security management department or lack of expertise
→ Information Security Audit System
Overview of INTELLILINK Information Security Audit Service
The INTELLILINK Information Security Audit Service can formulate and implement individual management standards based on customer requirements, tailored to the actual conditions of each organization.
Audit standards applied (selected)
- Information Security Management Standards
- Predetermined information security related standards
- Industry-specific laws and regulations, voluntary rules, etc.
Gaps with current situation
- Evaluation of validity
- Evaluation of compliance
- Evaluation of implementation status
Audit report
- Gaps found with standards
- Findings and improvements
- Suggestions for improvement
Evaluation method applied (selected)
Each audit trail
- Hearing for the person in charge
- Document review
- Site visit and observation
- System setting value review
Flow of INTELLILINK Information Security Audit Service
Preparing basic audit policy | Formulating audit implementation plan | Obtaining and evaluating audit evidence | Preparing audit report | Conducting briefing session |
---|---|---|---|---|
Clarify the audit criteria and confirm the overview of the work to be audited and organizational structure. | Determine the timing of the audit and evaluation method, and prepare audit implementation plan. | Evaluate compliance and validity with respect to requirements through interviews and reviews. | Summarize the status of compliance with the management standards, findings, and areas for improvement in the report. | Conduct briefing session and provide suggestions on how to improve information security operations. |
Provide auditing service by experts
In addition to certifications such as "CISA (Certified Information Systems Auditor)" and "System Audit Engineer," we also have a number of information security-related certifications such as CISSP and QSA. INTELLILINK Information Security Audit Service is led by such qualified personnel to provide auditing services.
*This service is registered under "Information Security Service Standards Examination and Registration System" by the Japan Security Audit Association (JASA), a non-profit organization, which conducts the audit and registration.