Tietoturvallisuuteen ja tietojärjestelmiin liittyviä auditointeja tehdään säännöllisesti.
Lisätiedot
– sisältää hallinnolliset ja tekniset auditoinnit
– järjestelmiin vähintään käyttöönottovaiheessa sekä kriittisyyden mukaan säännöllisesti
The organization conducts internal audits in accordance with its internal audit procedure. The aim is to check:
Documented information on the execution and results of audits must be kept.
Whenever new data systems are acquired or developed, pre-defined security rules are followed, taking into account the priority of the system. The rules ensure that adequate measures are taken to ensure the security of the data and data processing in the system.
Organisation carries out data security auditing regularly. Auditing is used to identify e.g. problems and development needs in data systems and system providers activity.
Important auditing partners should be listed on Other stakeholders -list.