Security in development and support services Audit Checklist
Clause 12.5 ISO 17025
1. Change control procedures
• Whether there is a strict control procedure in place over the implementation of changes to the information system. (This is to minimise corruption of the information system.)
• Whether this procedure addresses the need for risk assessment and analysis of the impacts of changes.
2. Technical review of applications after operating system changes
• Whether there is a process or procedure in place to review and test business-critical applications for adverse impact on organizational operations or security after changes to operating systems.
• Periodically it is necessary to upgrade the operating system, i.e., to install service packs, patches, hot fixes, etc.
3. Restrictions on changes to software packages
• Whether modifications to software packages are discouraged and/or limited to necessary changes.
• Whether all changes are strictly controlled.
4. Information leakage
• Whether controls are in place to prevent information leakage.
• Whether controls such as scanning of outbound media, regular monitoring of personnel and system activities permitted under local legislation, monitoring resource usage are considered.
5. Outsourced software development
• Whether the outsourced software development is supervised and monitored by the organization.
• Whether points such as licensing arrangements, escrow arrangements, contractual requirements for quality assurance, testing before installation to detect Trojan code, etc., are considered.
This entry was posted on Wednesday, November 25th, 2009 at 6:28 am and is filed under ISO 27001 checklist.

