iFour Consultancy
Information Security Audit Checklist
Basic stages and workflow of IS Audit
Software Consultancy India http://www.ifourtechnolab.com
Table of Contents
ISO for Software Outsourcing Companies in India

Sr. No.  Particulars
1.  List of documents for understanding the Information System of the auditee
2.  Criticality Assessment Tool
3.  Collection of specific information on Information System
4.  Risk assessment
5.  General controls
6.  Input controls
7.  Processing controls
8.  Output controls
9.  IT security
Documents for understanding Information System

Sr. No.  List of documents
1.  Brief background of the organization
2.  Information security objectives
3.  Scope document of Information System
4.  Organizational chart with details of reporting responsibilities
5.  Information security policy
6.  Risk assessment process
7.  Statement of Applicability
8.  Risk treatment plan and process
9.  Risk assessment and risk treatment results
10.  Evidence of monitoring and measurement results
11.  Evidence of implementation of audit program
12.  Evidence of results of management reviews
13.  Previous audit and internal audit reports
14.  Evidence of results of any corrective action
Criticality Assessment Tool

Questions asked:
- Does the system relate to any of the following operations?
  - Business critical operations
  - Support functions
- What is the amount of investment made in the system?
- How many PCs/desktops are used in the system?
- Is the system on the network?
- How dependent is the organization on the system?
- Does the system link to third parties?
- Does the system have dedicated IT staff?
- How many end users does the system have?
- For how long has the system been in operation?
- Does the system have a documented and approved DRP (disaster recovery plan)?
- What is the volume of data used by the system?
Collection of specific information on IS

Information to be collected includes:
- Name of the system and broad functional areas covered by the system
- Department head of the organization
- Location of the system installation
- Category of the system architecture
- Whether the system affects financial or accounting aspects of the organization
- Software used by the system
- Is the system mission critical?
- Is the system in-house or has it been outsourced? (If outsourced, collect information on that company.)
Collection of specific information on IS (continued)
- Total persons involved in the system
- Does the system documentation provide an audit trail of all transactions?
- Are system manuals available?
- Details of hardware items employed by the system
- What is the projected cost of the system?
- When was the system made operational?
- Total investment made in the system, broken down by category of items used
Risk assessment

The risk assessment is classified into 4 categories:
- Management & Organization
- HR Policy
- Security
- Physical & Logical access
Risk assessment – Management & Organization

Questions asked:
- Is there a strategic IT plan prepared by the organization based on business needs?
- Does the IS department have clear-cut and well-defined goals?
- Does management provide appropriate direction on the security objectives of the system?
- If the system uses third-party data, does the organization have procedures in place to address the associated risks?
- Are there procedures to update the strategic IT plan?
Risk assessment – HR policy

Questions asked:
- Are there criteria for recruiting and selecting personnel?
- Is a training needs analysis done at a defined interval?
- Is the organization's security clearance process adequate?
- Are responsibilities and duties clearly defined?
- Is backup staff available in case of absenteeism?
Risk assessment – Security

Questions asked:
- Is there a data classification schema in place?
- Is there a user security profile system in place to determine access on a 'need to know' basis?
- Is there a password policy?
- Have preventive and detective control measures been established by management?
- Is there a centralized security organization responsible for ensuring only appropriate access to system resources?
Risk assessment – Physical & Logical Access

Questions asked:
- Is facility access limited to the least number of people?
- Is there a periodic and ongoing review of access profiles, including managerial review?
- Is physical security addressed in the continuity plan?
- Are health, safety and environmental regulations being complied with?
- Is there a system for reviewing fire, weather, electrical warning and alarm procedures and the expected response scenarios for various levels of environmental hazards?
General Controls

- Purpose: to check whether proper controls have been implemented.
- These controls need to be viewed in relation to their impact on the efficiency, security or effectiveness of the system.

Questions asked:
- Are there procedures for monitoring the implementation of the strategic plan?
- Are current IT activities consistent with the plan?
- Is documentation complete and up to date?
- Do security procedures cover the designation and duties of the security officer?
- Are security breaches immediately reported for appropriate action?
- Are the objectives, scope and requirements of acquisitions clearly defined and documented?
Input Controls

Questions asked:
- Are the methods of data entry and conversion well documented?
- Are all documents accounted for, and if so, what method is used?
- Is there a system of documents being signed or marked to prevent reuse of data?
- Is there a system for escalating reports to higher levels if conditions deteriorate?
- Does the system provide error messages for every type of error that fails validation?
Processing Controls

Questions asked:
- Do documented procedures exist explaining the methods for proper processing of each application program?
- Is the history log displayed on the console?
- Does the computer program logic have built-in standardized default options?
- Are version control procedures in place, ensuring that processing is done on the proper version of the file?
- Are the error messages clear and short, communicating the nature of the error so as to give appropriate guidance to the user?
Output Controls

Questions asked:
- Is the user department responsible for the correctness of all output?
- Examine whether documented methods are in place for proper handling and distribution of output.
- Examine the system of forward linkage used to trace a transaction from its origin to its final output stage.
- Are output audit trail logs maintained and periodically reviewed by supervisors to ensure the accuracy of the output generated?
IT security

Sections considered:
- Security Policy
- Organizational security
- Asset classification and control
- Personnel security
- Physical & Environmental security
- Communications & Operations management
- Access Control
- System development and maintenance
- Business continuity management
- Compliance
References
- http://www.icisa.cag.gov.in/Background%20Material-IT%20Environment/IT-Audit-Manual/Vol-3.pdf
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 

Último (20)

Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 

IS Audit Checklist - by Software development company in India

  • 2. Basic stages and workflow of IS Audit
    Software Consultancy India – http://www.ifourtechnolab.com

  • 3. Table of Contents
    ISO for Software Outsourcing Companies in India
    Sr. No. Particulars
    1 List of documents for understanding the Information System of the auditee
    2 Criticality Assessment Tool
    3 Collection of specific information on Information System
    4 Risk assessment
    5 General controls
    6 Input controls
    7 Processing controls
    8 Output controls
    9 IT security

  • 4. Documents for understanding Information System
    Sr. No. List of documents
    1 Brief background of the organization
    2 Information security objectives
    3 Scope document of Information System
    4 Organizational chart with details of reporting responsibilities
    5 Information security policy
    6 Risk assessment process
    7 Statement of Applicability
    8 Risk treatment plan and process
    9 Risk assessment and Risk treatment results
    10 Evidence of monitoring and measurement results
    11 Evidence of implementation of audit program
    12 Evidence of results of management reviews
    13 Previous audit and internal audit reports
    14 Evidence of results of any corrective action

  • 5. Criticality Assessment Tool
    Questions asked:
    - Does the system relate to any of the following operations:
      - Business-critical operations
      - Support functions
    - What is the amount of investment made in the system?
    - Number of PCs/desktops used in the system?
    - Is the system on the network?
    - How dependent is the organization on the system?
    - Does the system link to third parties?
    - Does the system have dedicated IT staff?
    - How many end-users does the system have?
    - For how long has the system been in operation?
    - Does the system have a documented and approved DRP?
    - What is the volume of data used by the system?

  • 6. Collection of specific information on IS
    Information to be collected includes:
    - Name of the system and broad functional areas covered by the system
    - Department head of the organization
    - Location of the system installation
    - Category of the system architecture
    - Whether the system affects financial or accounting aspects of the organization
    - Software used by the system
    - Is the system mission critical?
    - Is the system in-house or has it been outsourced? (If so, collect information on that company.)

  • 7. Collection of specific information on IS (continued)
    - Total persons involved in the system
    - Does the system documentation provide an audit trail of all transactions?
    - Are system manuals available?
    - Details of hardware items employed by the system
    - What is the projected cost of the system?
    - When was the system made operational?
    - Total investment made in the system, broken down by category of items used

  • 8. Risk assessment
    The risk assessment is classified into 4 categories:
    - Management & Organization
    - HR Policy
    - Security
    - Physical & Logical access

  • 9. Risk assessment – Management & Organization
    Questions asked:
    - Is there a strategic IT plan prepared by the organization based on business needs?
    - Does the IS department have clear-cut and well-defined goals?
    - Does management provide appropriate direction on the security objectives of the system?
    - If the system uses 3rd-party data, does the organization have procedures in place to address the associated risks?
    - Are there procedures to update the strategic IT plan?

  • 10. Risk Assessment – HR policy
    Questions asked:
    - Are there criteria for recruiting and selecting personnel?
    - Is a training needs analysis done at regular intervals?
    - Is the organization's security clearance process adequate?
    - Are responsibilities and duties clearly defined?
    - Is backup staff available in case of absenteeism?

  • 11. Risk assessment – Security
    Questions asked:
    - Is there a data classification schema in place?
    - Is there a user security profile system in place to determine access on a 'need to know' basis?
    - Is there a password policy?
    - Have preventive and detective control measures been established by management?
    - Is there a centralized security organization responsible for ensuring only appropriate access to system resources?

  • 12. Risk assessment – Physical & Logical Access
    Questions asked:
    - Is facility access limited to the least number of people?
    - Is there a periodic and ongoing review of access profiles, including managerial review?
    - Is physical security addressed in the continuity plan?
    - Are health, safety and environmental regulations being complied with?
    - Is there a system for reviewing fire, weather, electrical warning and alarm procedures and the expected response scenarios for various levels of environmental hazards?

  • 13. General Controls
    - To check whether proper controls have been implemented or not.
    - These controls need to be viewed in relation to their impact on the efficiency, security or effectiveness of the system.
    Questions asked:
    - Are there procedures for monitoring the implementation of the strategic plan?
    - Are current IT activities consistent with the plan?
    - Is documentation complete and up to date?
    - Do security procedures cover the designation and duties of the security officer?
    - Are security breaches immediately reported for appropriate action?
    - Are the objectives, scope and requirements of acquisition clearly defined and documented?

  • 14. Input Controls
    Questions asked:
    - Are the methods of data entry and conversion well documented?
    - Are all documents accounted for, and if so, what method is used?
    - Is there a system of documents being signed or marked to prevent reuse of data?
    - Is there a system of escalating reports to higher levels if conditions deteriorate?
    - Does the system provide error messages for every type of error that fails validation?

  • 15. Processing Controls
    Questions asked:
    - Do documented procedures exist explaining the methods for proper processing of each application program?
    - Is the history log displayed by the console?
    - Does the computer program logic have in-built standardized default options?
    - Are version control procedures in place, ensuring processing on the proper version of the file?
    - Are the error messages clear and short, communicating the nature of the error for appropriate guidance to the user?

  • 16. Output Controls
    Questions asked:
    - Is the user department responsible for the correctness of all output?
    - Examine whether documented methods are in place for proper handling and distribution of output.
    - Examine the system of forward linkage to trace a transaction from origin to its final output stage.
    - Are output audit trail logs maintained and periodically reviewed by supervisors to ensure the accuracy of the output generated?

  • 17. IT security
    Sections considered:
    - Security Policy
    - Organizational security
    - Asset classification and control
    - Personnel security
    - Physical & Environmental security
    - Communications & Operations management
    - Access Control
    - System development and maintenance
    - Business continuity management
    - Compliance