It is the responsibility of the Engagement Manager to review and agree the scope and objectives of an independent
security and data protection audit. These must be reviewed by the Delivery Manager and agreed upon before any audit
takes place. Typically the scope and objectives of the audit will determine the following criteria:
-
What will be audited
-
Who will conduct the audit
-
Who will participate in the audit
-
How the audit will be conducted
-
When and where the audit will take place
-
What logistics are required for the audit
-
What resources need to be allocated as point of contact for the audit
-
What report will be produced (including its distribution)?
The Engagement Manager must ensure that the way the engagement prepares for the audit is compliant with the audit scope
and objectives, as well as being compliant with Capgemini's security audit expectations.
|
