tailieunhanh - Good Practice Guidance Delivering Audit Assignments: A Risk-based Approach

Since sensitive data of the organisation may need to be disclosed during a call for tenders procedure for an IS audit, a restricted request procedure or limited competition should be performed, depending on the types of activities of the organisation, to guarantee the confidentiality of the information. Depending on the protection requirements of the information, the service providers and IS auditors may need to verify their trustworthiness in accordance with the German ”Law on Security Clearance Checks” (SÜG - see [SÜG]). Authorisation to view classified materials must be provided, if necessary, by presenting a valid personal security clearance certificate. It must also. | Good Practice Guidance Delivering Audit Assignments A Risk-based Approach November 2005 HM TREASURY HM TREASURY Good Practice Guidance Delivering Audit Assignments A Risk-based Approach November .