Yes - Clause 9.2 of the Standard makes this requirement explicit. Remember, you must audit to assess whether your ISMS meets your own organisational requirements as well as the requirements of the Standard, and whether it is effectively implemented and maintained.
Our experience with the QSA team has been fantastic over the last 3 years. Our QSA has enabled us to refine the PCI audit process, whilst also improving our security posture. His guidance also made the transition process from version 3.2.1 to 4.0 extremely smooth.

