ISO 27001 Media Handling and Protection Audit Policy and Procedures

Download free ISO 27001 Media Handling and Protection Audit Policy and Procedures
Objectives:
- The organization develops and documents media protection policy and procedures;
- The organization disseminates media protection policy and procedures to appropriate elements within the organization;
- Responsible parties within the organization periodically review media protection policy and procedures; and
- The organization updates media protection policy and procedures when organizational review indicates updates are required.

Procedures:
- Examine the media protection policy and procedures; reviewing for documented policy and procedures.
- Examine the media protection policy and procedures and any other relevant documents (e.g., distribution list); reviewing for identification of the organization elements to which the policy and procedures are disseminated or otherwise made available.
- Examine the media protection policy and procedures; reviewing for indication that the responsible parties within the organization periodically review the media protection policy and procedures.
- Examine the media protection policy and procedures; reviewing for indication that the media protection policy and procedures are updated when organizational review indicates that such update is needed.
- Interview an agreed-upon representative sample of organizational personnel with media protection policy and procedure responsibilities; conducting focused discussions to confirm that the media protection policy and procedures are periodically reviewed, and they are updated when that review indicates a need.

Objectives:
- The media protection policy addresses purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance;
- The media protection policy is consistent with the organization's mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance; and
- The media protection procedures address all areas identified in the media protection policy and address achieving policy-compliant implementations of all associated media protection controls.

Procedures:
- Examine the media protection policy and any other relevant documents; reviewing for purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance.
- Examine the media protection policy and any other relevant documents; reviewing for indication of consistency with the organization's mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance.
- Examine the media protection policy and any other relevant documents; studying for consistency with the organization's mission and functions and with applicable laws, directives, policies, regulations, standards, and guidance.
- Examine the media protection policy and procedures or other relevant documents; reviewing for indication that the media protection procedures address all areas identified in the incident response policy and address achieving policy-compliant implementations of associated media protection controls.
- Examine the media protection policy and procedures or any other relevant documents; studying to verify that the media protection procedures address all areas identified in the media protection policy and address achieving policy-compliant implementations of associated media protection controls.
- Interview an agreed-upon representative sample of organizational personnel with media protection responsibilities; conducting focused discussions to verify that the media protection procedures are consistent with the media protection policy.