Reviews of Security Policy
It is essential that you regularly review the security measures that your
business has taken, including monitoring processes, to ensure that they
continue to address the relevant risks and to comply with the relevant
legislation, as well as with your own security policies and standards.
Areas that should be considered for review include:
1. Information Systems - Data Backup, System Integrity
2. System - Hardware and Software suitability
3. External Access Security - Hackers, Anti-Virus, Anti-Spyware
4. Mobile Users - Laptops, Wireless Access, Remote Workers
One element of this review should include the examination of operational
systems to ensure that hardware and software controls have been correctly
implemented. This may require external technical assistance.
An example is the use of penetration testing of your systems, which might
be carried out by independent experts. This can be useful for detecting
vulnerabilities in the system and for checking how effective the controls
are in preventing unauthorised access due to these vulnerabilities.