The information security management audit/assurance review will:
• Provide management with an assessment of the effectiveness of the information security management function
• Evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively
It is not designed to replace or focus on audits that provide assurance of specific configurations or operational processes.