IV.A.3 Independence of Tests and Audits
Institutions frequently use independent organizations to test
aspects of their information security programs. Independent tests
have the potential to reduce bias, increase capabilities, and
increase knowledge about threats and technologies. Independence
gives credibility to the test results. To be considered
independent, testing personnel should not be responsible for the
design, installation, maintenance, and operation of the tested
system, or the policies and procedures that guide its operation.
The reports generated from the tests should be prepared by
individuals who similarly are independent.