The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Plan security audit
|
|
The scope and objectives of the audit are identified Completed |
Evidence:
|
An audit plan is prepared that meets organisational requirements and the objectives of the audit Completed |
Evidence:
|
The organisation's information systems to be included in the audit are identified in the audit plan Completed |
Evidence:
|
Appropriate personnel are advised of the audit plan and its requirements Completed |
Evidence:
|
Possible sources of security risk are identified and prioritised Completed |
Evidence:
|
Audit checklist is prepared in accordance with organisational policy and procedures Completed |
Evidence:
|
Conduct security audit
|
|
Systems, procedures, records and documents are identified and analysed Completed |
Evidence:
|
Audit is conducted in accordance with the audit plan Completed |
Evidence:
|
Audit activities are recorded in accordance with the checklist and organisational requirements Completed |
Evidence:
|
Situations requiring specialist input are identified and referred for action Completed |
Evidence:
|
Situations requiring referral to other areas are identified and referred in a timely manner Completed |
Evidence:
|
Report on security findings
|
|
Audit records are maintained in accordance with legislation, policy and procedures Completed |
Evidence:
|
Audit report is prepared in accordance with organisational requirements and audit objectives Completed |
Evidence:
|
Background and scope of the audit, outcomes and recommendations are included in the report Completed |
Evidence:
|
Report is written in a language and style to suit the audience and meets organisational requirements for accuracy and timeliness Completed |
Evidence:
|
Recommendations are supported by evidence, and written as actions with responsible person/s identified for implementation Completed |
Evidence:
|
Plan security audit
|
|
The scope and objectives of the audit are identified. Completed |
Evidence:
|
An audit plan is prepared that meets organisational requirements and the objectives of the audit. Completed |
Evidence:
|
The organisation's information systems to be included in the audit are identified in the audit plan. Completed |
Evidence:
|
Appropriate personnel are advised of the audit plan and its requirements. Completed |
Evidence:
|
Possible sources of security risk are identified and prioritised. Completed |
Evidence:
|
Audit checklist is prepared in accordance with organisational policy and procedures. Completed |
Evidence:
|
Conduct security audit
|
|
Systems, procedures, records and documents are identified and analysed. Completed |
Evidence:
|
Audit is conducted in accordance with the audit plan. Completed |
Evidence:
|
Audit activities are recorded in accordance with the checklist and organisational requirements. Completed |
Evidence:
|
Situations requiring specialist input are identified and referred for action. Completed |
Evidence:
|
Situations requiring referral to other areas are identified and referred in a timely manner. Completed |
Evidence:
|
Report on security findings
|
|
Audit records are maintained in accordance with legislation, policy and procedures. Completed |
Evidence:
|
Audit report is prepared in accordance with organisational requirements and audit objectives. Completed |
Evidence:
|
Background and scope of the audit, outcomes and recommendations are included in the report. Completed |
Evidence:
|
Report is written in a language and style to suit the audience and meets organisational requirements for accuracy and timeliness. Completed |
Evidence:
|
Recommendations are supported by evidence, and written as actions with responsible person/s identified for implementation. Completed |
Evidence:
|