Information security locally - STEP 3

The activities in STEP 3 focus on follow-up in the form of internal/external audits to ensure the unit meets relevant requirements for information security.


Activities

The activities listed under STEP 3 are minimum requirements. If the risk assessment requires further measures, these will be carried out locally.

  • Internal audits, and external audits if collaboration partners or the authorities require external control.
  • Compare activities initiated with activities in the checklist for PLAN, DO, CHECK and ACT - and implement any outstanding activities.
  • Ensure that all relevant parties are familiar with the process for the annual review of all local information security activities, and that the process is supported by the annual planning cycle and the PLAN, DO, CHECK and ACT phases.

If the goal is certification, there may be a need for further documentation and measures, in which case see the annual planning cycle for ISMS.

An audit is an inspection to answer the following questions:

  • Do we have what we say we have?
  • Are we doing what we say we are doing?
  • Does it fulfil its purpose?
  • Does it work as intended?
  • Do we meet relevant requirements and guidelines?