Operational procedures and responsibility Security Audit Checklist

Clause 10.1 ISO 27001

1. Documented Operating procedures

• Whether the operating procedure is documented, maintained and available to all users who need it.

• Whether such procedures are treated as formal documents, so that any changes made require management authorization.

2. Change Management

• Whether all changes to information processing facilities and systems are controlled.

3. Segregation of duties

• Whether duties and areas of responsibility are separated in order to reduce opportunities for unauthorized modification or misuse of information or services.

4. Separation of development, test and operational facilities

• Whether the development and testing facilities are isolated from operational facilities. For example, development and production software should be run on different computers.

• Where necessary, development and production networks should be kept separate from each other.

This entry was posted on Tuesday, November 24th, 2009 at 3:51 pm and is filed under ISO 27001 checklist.
