Correct processing in applications Security Audit Checklist
Correct processing in applications Security Audit Checklist
Clause 12.2 ISO 17025
1. Input data validation
• Whether data input to application system is validated to ensure that it is correct and appropriate.
• Whether the controls such as: Different types of inputs to check for error messages, Procedures for responding to validation errors, defining responsibilities of all personnel involved in data input process etc., are considered.
2. Control of internal processing
• Whether validation checks are incorporated into applications to detect any corruption of information through processing errors or deliberate acts.
• Whether the design and implementation of applications ensure that the risks of processing failures leading to a loss of integrity are minimised.
3. Message integrity
• Whether requirements for ensuring and protecting message integrity in applications are identified, and appropriate controls identified and implemented.
• Whether an security risk assessment was carried out to determine if message integrity is required, and to identify the most appropriate method of implementation.
4. Output data validation
• Whether the data output of application system is validated to ensure that the processing of stored information is correct and appropriate to circumstances.
Related documents
Advertisement
Sponsor sites:
1. Phrases For Performance Appraisals.
2. Interview questions and answers.
This entry was posted
on Wednesday, November 25th, 2009 at 4:11 am and is filed under ISO 27001 checklist.
You can leave a response, or trackback from your own site.
