State Safety Oversight Program: Audit of the Tri-State Oversight Committee and the Washington Metropolitan Area Transit Authority
The following overview illustrates the main set of criteria and standards for the IS audit.
The IS audit checks the effectiveness of the security organisation as well as the appropriateness and
implementation of the organisation’s security concept. The security strategy and the
implementations of technical, organisational, and personnel safeguards are examined (see [BMI2]).
IS audits should be performed regularly. Federal agencies are obligated by the Federal
Implementation Plan to perform a comprehensive IS audit at least every 3 years. This audit
must always examine all aspects of the organisation taking all IT-Grundschutz layers into
account....