Information Security Audit gives an assurance to an information security management. Stakeholders of the information security management, such as clients of information system services, E-commerce users, peoples who are the user of governmental systems and/or social infrastructure services and so on, can confident the security of their information and system based on the assurance. It is same as the accounting audit. This means information security audit must be fair socially.

The Authorized Information Security Audit System – The System of IS Audit- keeps the fairness of information security audit. It is consisted by three official elements;

    1. Information Security Management Standard; This Standard gives criteria of evaluation for information security management.
    2. Information Security Audit Standard; This standard gives the standard code of auditors’ conduct.
    3. Registry System for ledger of Information Security Audit Firms; The table of firms registered can help information security users of searching an appropriate audit firm.

These elements are defined by Ministry of Economy, Trade and Industry consistent with international standard of information security.

The Authorized Information Security Audit System;
Activities of assurance and/or consultation, which an auditor verifies and evaluates it independently and professionally that deployment and operation of controls based on risk assessment is appropriate, for implementation of risk management related to information security being effective.