PKI Policies and Procedures: Audit Guidelines

International standards, national and local legislation and regulations, and corporate policy all dictate a regular audit schedule. In addition, clients, partners, and suppliers who use PKI services want to be assured of the trustworthiness of their PKI system. Auditing is an integral part of any PKI system.

Our PKI audit guidelines help PKI system administrators prepare for audits, both internal audits and audits carried out by an independent third party. In addition to generic audit guidelines based on auditing against a certificate policy and certification practice statement, SPYRUS works with its customers to develop guidelines for specific audit requirements, such as compliance with the EU Directive or with HIPAA regulations.

For PKI, the PKI Accreditation Guidelines of the American Bar Association Information Security Committee set out a detailed foundation for audit. SPYRUS participated in the drafting and development of the PKI Accreditation Guidelines. Many governments and private-sector organizations use the ISO Standard 17799 Code of Practice for Information Security (December 2000). SPYRUS contributes extensively to the current revision of IS 17799, as well as its companion ISO document, Technical Report 13335 Guidelines on the Management of Information Technology Security. We bring this expertise to you with our audit guidelines template.

For more information on PKI audits, see our "SPYRUS Audit Framework for PKI" [PDF] white paper.




© 2008 SPYRUS, Inc.