Internal Audit is a comprehensive and systematic examination activity to evaluate the operation of ISMS. It helps us accomplish our ISMS objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and corrective processes.
We conduct internal audit in August by reviewing the existence key documentation. It is one of the key activities to verify on whether ISMS are implemented correctly such as the information security polices, Statement of Applicability (SOA) etc.
And the corrective actions have been implemented for the non-conformities by applying reasons analysis in order to avoid incident happen.