List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Implement compliance systems | 1.1 Monitor and assess the information security compliance practices of personnel according to enterprise policy and procedures; 1.2 Maintain ongoing and effective communications with key compliance stakeholders; 1.3 Conduct internal audits to determine if information security control objectives, controls, processes, and procedures are effectively applied and maintained, and perform as expected |
2. Evaluate compliance systems | 2.1 Assess the effectiveness of enterprise compliance program controls against appropriate benchmarks; 2.2 Assess the effectiveness of information security compliance process and procedures for process improvement and implement changes where appropriate; 2.3 Compile, analyse and report performance measures |
Evidence of the ability to:
monitor and assess information security compliance
conduct internal audits
assess the effectiveness of enterprise compliance
compile, analyse and report performance measures.
Note: Evidence must be provided on at least TWO occasions.
To complete the unit requirements safely and effectively, the individual must:
describe the client business domain
compare and contrast the key security features and capabilities of current industry accepted hardware and software products
research and report on the key features of legislation relating to information and communications technology (ICT) security
evaluate the operating system, including strengths and weaknesses over lifetime of product
discuss privacy issues and legislation relating to integrating legal requirements with ICT security.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work, and include access to:
ICT business specifications
information on the security environment, including laws or legislation, existing organisational security policies, organisational expertise and knowledge
possible security environment, which includes threats to security that are, or are held to be, present in the environment
risk analysis tools and methodologies
ICT security assurance specifications.
Assessors must satisfy NVR/AQTF assessor requirements.