The major revision of the Baseline Security Safeguards, the Detailed Risk Assessment and Information Security Policies have been completed in the beginning of Feb 14. But the internal audit has been conducted during 6-10 Jan 14. The ISMS Audit has not covered the current security practices of the organization. Effectiveness and conformity to current security practices could not be determined.