Who would perform a structured audit?
A: Senior management.
B: IT security staff.
C: External auditors.
D: Internal auditors.
CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests
C: Structured audits (3rd party): External auditors there to validate compliance, they are experts and the audit adds credibility. Can also be a knowledge transfer for the organization, required annually in many organizations.