User Access Management Security Audit Checklist
Clause 11.2 ISO 17025
1. User Registration
• Whether there is any formal user registration and de-registration procedure for granting access to all information systems and services.
2. Privilege Management
• Whether the allocation and use of any privileges in the information system environment is restricted and controlled, i.e., privileges are allocated on a need-to-use basis and only after a formal authorization process.
3. User Password Management
• The allocation and reallocation of passwords should be controlled through a formal management process.
• Whether the users are asked to sign a statement to keep the password confidential.
4. Review of User Access Rights
• Whether there exists a process to review user access rights at regular intervals.
• Example: Special privilege review every 3 months, normal privileges every 6 months.
This entry was posted on Wednesday, November 25th, 2009 at 3:04 am and is filed under ISO 27001 checklist.

