System Audit Considerations
System Audit Controls
Any person conducting system audits will carefully plan, agree upon, and expedite system audits so as to minimise the risk of disruptions to operational business processes. This will ensure CX Index’s security requirement compliance while maximising the availability, integrity and security of its information resources.
The scope and requirements of all audits shall be controlled and agreed to by management.
Access to any files beyond read only shall be approved by the Senior Management. This includes isolated copies of system files. If isolated copies of system files are used, the files shall be destroyed as soon as the audit is completed.
Requirements for additional testing shall be identified and agreed upon by appropriate management.
CX Index resources shall be identified and made explicitly available for audit assistance.
All access to system shall be logged to produce a reference trail.
All procedures, responsibilities, requirements and scope shall be documented.
Protection of System Audit Tools
Any individual conducting system audits will protect access to system audit tools (i.e. software or data files). This will protect the security, availability and integrity of CX Index’s information resources by ensuring that CX Index’s system audit tools are protected from misuse or compromise.
System audit tools shall be separated from operational and development systems unless they are given the added appropriate protection and are authorised by the Senior Management.
Users must not test, or attempt to compromise computer or communication system security measures unless specifically approved in advance by the Senior Management.