
Products? - A list and description of all IT or software products sold or built for internal use.
Software development process? - A description of the software development tools and environment utilized by the company.
Agreements & other legal documents? - A list of any external contractors or consultants who have been involved in the development of any software or systems, and copies of any agreements with those contractors.
Customization? - What is the extent to which the company has modified any packaged software that it has purchased elsewhere?
Related document:

Financial? - A description of the way new software development projects and ongoing maintenance are capitalized and expensed.
Security & compliance? - A description of how the company stays up to date on all vendor software patches.
Backup & recovery? - Copies of any backup policies, and details regarding how long they have been in place.
Related document:
Version History

Version | Date       | Detail                                   | Author
1.0     | 25/03/2011 | Completed for distribution               | Jo White
1.0     | 26/04/2011 | Approved by Information Governance Group | Jo White
2.0     | 26/05/2011 | Reviewed by Information Governance Group | Jo White
3.0     | 30/05/2012 | Reviewed by Information Governance Group | Jo White
4.0     | 27/06/2013 | Reviewed by Information Governance Group | Jo White
5.0     | 14/07/2014 | Reviewed by Information Governance Group | Jo White

This document has been prepared using the following ISO27001 standard controls as reference:

ISO Control  | Description
A.6.1.1 > 4  | Management commitment to information security
A.8.2.1      | Management responsibilities
A.8.2.2      | Information security awareness, education and training
A.10.1.2     | Change management
A.10.1.4     | Separation of development, test and operational facilities
A.10.3.1     | Capacity management
A.10.3.2     | System acceptance
A.10.5.1     | Information back-up
A.11.2.1 > 4 | User access management
A.11.5.4     | Use of system utilities
A.11.6.1     | Information access restriction
A.11.6.2     | Sensitive system isolation
A.12.1.1     | Security requirements analysis and specification
A.12.2.1 > 4 | Correct processing in applications
A.12.4.1 > 3 | Security of system files
A.12.5.1 > 3 | Security in development and support processes
A.12.5.5     | Outsourced software development

Interfaces? - Investigate the interfaces that the company uses to link together its systems. Any interfaces of particular complexity should be noted, since these may need to be reconstructed if the acquirer wants to link into those systems, too.
Network & infrastructure? - A network diagram showing network entry points, firewalls, servers etc.
Software utilized? - A list of product development tools utilized, including costs & current licensing terms.
Hardware? - A list of all computer server hardware, whether it is owned or leased, and current value. Include operating systems and versions.
Related document:

Intellectual property? - A list of all domain names controlled by the company (also Twitter handles and corporate LinkedIn, Facebook and other social networking accounts).
Related document:

Customers? - A log of customer technical support calls / questions for the past four months. A description of the implementation process for a new customer.

Licenses? - Determine the number of valid software licenses that the company has paid for each software application, and match this against the number of users.
Related document:

Tentative questionnaire:
Legacy systems? - Some organizations have custom-made software that requires considerable resources to maintain. The team should locate these systems, determine their annual maintenance cost, decide whether they should be replaced with other systems, and estimate the replacement cost.
Disaster recovery plan? - Is there a disaster recovery plan that states how information is to be backed up and recovered in the event of a system failure? Is the plan tested regularly? Is there a backup IT facility that is ready to take over if the main facility is destroyed?
Interfaces? - Investigate the interfaces that the company uses to link together its systems. Any interfaces of particular complexity should be noted, since these may need to be reconstructed if the acquirer wants to link into those systems, too.
Capacity? - Investigate the usage level of existing systems, as well as the age of the equipment.
