Chapter Eleven

ISecGrade Auditing Framework

IN THIS CHAPTER, WE learn about the ISecGrade framework for conducting an information systems audit and according a risk score to the audit object. At the end of this chapter we will be in a position to use the ISecGrade framework while conducting an information systems audit.


The ISecGrade framework is an open source project undertaken by South Asian Management Technologies Foundation. The design process involved consulting various open source and proprietary tools and processes. The designed draft framework was implemented in various organizations with the help of a practicing information systems audit firm. The project has been enriched by practical experience gained from putting the framework to use.

The framework has two components:

1. Checklists to ascertain adherence to the information systems management best practices.
2. Grading methodology to award ISecGrade certification to the auditee.

The information systems audit community is free to use the checklists and conduct information systems audits under the ISecGrade framework.


The approach and sample checklists compiled and designed under the ISecGrade framework are available for use by the purchasers of this book. The grading methodology and compilation is made by South Asian Management Technologies Foundation. Information systems auditors or other auditing entities may award the ISecGrade certificate according a risk grading to their ...

Get Understanding and Conducting Information Systems Auditing + Website now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.