cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Viewer II

Sample engagement letter for security auditor

Hello all. I am a CISSP and happy to join.

Does anyone have a simple sample of an "engagement letter" for security audits at a client?

Thanks,

Simin

3 Replies
Contributor II

Re: Sample engagement letter for security auditor

I presume by "engagement letter" you mean a "Statement of Work" or SOW?

 

There are plenty of templates available on the internet that you can adjust to your needs.

 

Whatever your final document ends up looking like, I advise you to seek proper legal advice to ensure it's a suitable contractual document that can be used for legal purposes if needed.

 

Newcomer III

Re: Sample engagement letter for security auditor

Engagement letter is similar to SOW but I find SOW more detail/in-depth. The engagement letter will only describe the area it's going to be audit, but it will not describe (or at least not in detail) what methodology the audit will use. So for example the engagement letter might say this audit will follow PCI Compliance or NIST framework, but it will not go into detail to explain what is PCI Compliance or NIST framework.

Contributor II

Re: Sample engagement letter for security auditor

Interesting! An engagement letter is not something I've heard of before in my 20+ years in IT Consulting.

 

Looking into it a bit more, an engagement letter is not something that is used by the IT Consulting industry in my region - it seems to be something used by accountants and lawyers over here.