Chapter 3. What Is the Scope of an IT Compliance Audit?
AUDITS COME IN ALL SHAPES AND SIZES. Regardless of size, audits represent a systematic and measurable assessment of the environment of an organization. Auditing for IT compliance is part of the ongoing process to ensure an organization is putting in place and maintaining effective security policies and controls. The audit makes use of various tools, but is primarily concerned with how the security policies are actually used. The IT environment is vast, and can be broken down into manageable and auditable chunks or domains. This chapter explores what is required to achieve and sustain compliance across different scopes of the IT environment.
Get Auditing IT Infrastructures for Compliance now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.