Elements and Performance Criteria
- Benchmarks for audit are clearly identified
- Plan, organise and undertake audit of the established incident response systems
- Identify or develop methods to audit the established management systems and processes as prescribed by the plan and/or legislation in consultation with relevant personnel
- Identify and secure the resources required to conduct the audit
- Gather and sight relevant documents and all other evidence required in accordance with procedures
- Conduct the audit according to prescribed/pre-agreed methodology and in a manner that enhances the organisation's confidence and commitment to the incident response system
- Evaluate and report the results of the audit
- Evaluate evidence gathered for reliability, validity, authenticity, sufficiency, currency and consistency
- Promptly bring to the attention of relevant personnel any findings which have serious or immediate risks
- Disseminate records of the process and outcomes of the audit, including justifiable recommendations complying with procedures, to appropriate personnel in a timely manner
- Follow up results of the audit