Once the audit and compliance requirements are understood, the Information Security And Compliance Lead must work with
the Client’s compliance organization to determine how the Capgemini service delivery personnel need to support the
Client’s external audit requirements.
The Information Security And Compliance Lead must liaise with the affected parties to define the audit process. A
relationship must be established with the Client’s key risk and compliance contacts to identify the Client’s compliance
requirements based on business, industry and legal obligations and statutes.
The audit process must typically include:
- Compliance standard or procedures against which the audit needs to be conducted
- Guidance to Service Delivery Teams regarding delivery with respect to compliance requirements, e.g. privacy,
security, breach notification rules
- Trained personnel to conduct the audit
- List of identified stakeholders
- Definition of non-compliances
- Communication protocol
- Reporting protocol for the audit.
In addition, the Information Security And Compliance Lead must determine the protocol by which Capgemini delivery
resources are to participate directly in the Client’s audits or control testing, e.g. providing evidence of compliance
with control requirements.