What does the Information Security Program Audit Team do?

The ISPA audit team performs audits to ensure entities are in compliance with NIST and SAM Chapter 5300. After an entity is selected to receive an audit, the auditor assigned to lead the audit oversees the engagement, which includes the following milestones and processes:

  • Notification to the entity that an audit will be performed
  • Receipt of engagement package by entity
  • Dates for the audit to be conducted are confirmed
  • Preliminary articles are gathered and reviewed
  • Engagement (entrance) conference is held
  • Technical kickoff is held (if needed)
  • Field work (discovery, interviews, testing)
  • Draft Audit Report is compiled by lead auditor
  • Exit conference is conducted
  • Final Report issued