No.  Description  Yes  No  N/A

Audit Objective: Is access to data files restricted to authorized users and programs?

Access to Data
  Computer room?
  On-site library?
  Off-site library?

COMPUTER PROCESSING

ACCESS CONTROLS

VIRUSES
basis?
Are diskettes formatted before re-use?
Have procedures been developed to restrict or oversee the transfer of data between machines?
Is staff prohibited from sharing machines (laptops/desktops)?
Is software reloaded from the master diskettes after machine maintenance?
Has all staff been advised of the virus prevention procedures?
Are downloads from the internet controlled by locking the hard drive and routing them through a network drive, so that any virus is prevented from spreading?

INTERNET
Is there a proper policy regarding the use of the internet by employees?
Does the policy identify the specific assets that the firewall is intended to protect and the objectives of that protection?
Does the policy support the legitimate use and flow of data and information?
Is information passing through the firewall properly monitored?
Determine whether management approval of the policy has been sought and granted, and the date of the most recent review of the policy by management.
Is the policy properly communicated to users, and is awareness maintained?
Has the company employed a firewall administrator?
Is the firewall configured as per the security policy?
Is URL screening being performed by the firewall?
Is anti-virus inspection enabled?
Are packets screened for the presence of prohibited words? If so, determine how the list of words is administered and maintained.
Are access logs regularly reviewed, and is action taken on questionable entries?
CONTINUITY OF OPERATIONS

L.II Physical Protection
Fire Hazard
Check the safety against fire in the following ways:
  Building materials fire resistant?
  Wall and floor coverings non-combustible?
  Separation from hazardous areas (e.g. fire doors)?
  Separation from combustible materials (e.g. paper, fuel)?
  Smoking restriction?
  Fire-resistant safes (for tapes, disks and documentation)?
Check the appropriate arrangements of fire detection devices:
  Smoke / heat-rise detectors?
  Detectors located on ceiling and under floor?
  Detectors located in all key EDP areas?
  Linked to fire alarm system?
Check the appropriate arrangements for fire fighting:
  Halon gas system (for key EDP areas)
  Automatic sprinkler system
  Portable CO2 extinguishers (electrical fires)
  Ease of access for fire services
Check appropriate arrangements in case of fire emergency:
  Fire instructions clearly posted
  Fire alarm buttons clearly visible
  Emergency power-off procedures posted
  Evacuation plan, with assignment of roles and responsibilities
Check if there is training to avoid fire emergency:
  Regular fire drill and training
  Regular inspection/testing of all computing equipment

AIR CONDITIONING
  Monitoring of temperature and humidity in EDP area
  Heat, fire and access protection of sensitive air-conditioning parts (e.g. cooling tower)
  Air intakes located to avoid undesirable pollution
  Back-up air conditioning equipment
L.V ACCESS CONTROL

M.I Visitor Control

M.II General Security

I INSURANCE
  Equipment?
  Storage media?

J BACK-UP PROCEDURES
P.I
  Reliable manufacturer service
  Arrangements for backup installation
  Formal written agreement
P.II
P.III
P.IV Data Files
  File criticality and retention procedure regularly reviewed
P.V Tape
P.VI Disc
P.VII
P.VIII
Operating procedures
Operations
Audit Objective: Do controls provide reasonable assurance that, for each transaction type, input is authorized, complete and accurate, and that errors are promptly corrected?