Vulnerability Assessment Audit Work Program
Best Practices for Auditing System Vulnerabilities
This audit program sample offers best-practice general steps for a vulnerability assessment audit, including key objectives/control questions and their results.
Sample steps include: verify that a high-level information security plan/strategy exists and is formally documented, verify that a formal information security policy has been documented, verify that information security responsibilities for all employees are specified in job descriptions, confirm that applicants for employment are adequately screened prior to their start date, and determine whether local information security coordinators are appointed to each business unit/geographical location.