VII. INFORMATION SYSTEMS AUDIT
The information systems’ audit employs an outside entity to assess the organization’s corporate security (and other information systems) plan. The auditor should attest whether or not the plan meets accepted standards, and should identify strengths and weaknesses.