Data Center Examination
Name
Data Center Examination
Description
Data center examination document
Our objectives are to ensure:Our objectives are to ensure:
* Management has taken appropriate and timely action to address the deficiencies noted in prior audit and examination reports.
* Senior management develops and implements long- and short-range plans that fulfill the bank's mission and goals.
* Senior management has appointed a planning or steering committee to oversee the information services function and its activities.
* Segregate of duties is adequate.
* Management assumes full responsibility for formulating, developing, documenting, promulgating, and controlling policies, and that procedures are in place to determine that policies and procedures are being followed.
* The bank is in compliance with external requirements (regulations, laws, etc.).
* That a written plan has been developed and maintained for restoring critical information services in the event of a major failure.
* The adequacy and effectiveness of the IS disaster recovery/contingency plan is reviewed, tested, and maintained on a regular basis.
* Senior management has defined and implemented IS standards and adopted a system development life cycle methodology governing the process of developing, acquiring, implementing, and maintaining computerized information systems and related technology.
* Management of the IS function schedules routine and periodic hardware maintenance to reduce the frequency and impact of performance failures.
* Problems and incidents are resolved, and the cause investigated to prevent any recurrence.
* Management has implemented a proper strategy for backup and restoration.
* Backup procedures include the proper storage of the data files and software.
* Management assesses regularly the need for uninterruptible power supply batteries and generators for to secure against power failures and fluctuations.
* Appropriate physical security and access control measures have been established.
* System security is adequate to safeguard information against unauthorized use, disclosure or modification, damage or loss.
* Adequate preventative and detective control measures have been established regarding computer viruses.
* For each relationship with a third-party service provider, a formal contract is defined and agreed upon.
* Management has taken appropriate and timely action to address the deficiencies noted in prior audit and examination reports.
* Senior management develops and implements long- and short-range plans that fulfill the bank's mission and goals.
* Senior management has appointed a planning or steering committee to oversee the information services function and its activities.
* Segregate of duties is adequate.
* Management assumes full responsibility for formulating, developing, documenting, promulgating, and controlling policies, and that procedures are in place to determine that policies and procedures are being followed.
* The bank is in compliance with external requirements (regulations, laws, etc.).
* That a written plan has been developed and maintained for restoring critical information services in the event of a major failure.
* The adequacy and effectiveness of the IS disaster recovery/contingency plan is reviewed, tested, and maintained on a regular basis.
* Senior management has defined and implemented IS standards and adopted a system development life cycle methodology governing the process of developing, acquiring, implementing, and maintaining computerized information systems and related technology.
* Management of the IS function schedules routine and periodic hardware maintenance to reduce the frequency and impact of performance failures.
* Problems and incidents are resolved, and the cause investigated to prevent any recurrence.
* Management has implemented a proper strategy for backup and restoration.
* Backup procedures include the proper storage of the data files and software.
* Management assesses regularly the need for uninterruptible power supply batteries and generators for to secure against power failures and fluctuations.
* Appropriate physical security and access control measures have been established.
* System security is adequate to safeguard information against unauthorized use, disclosure or modification, damage or loss.
* Adequate preventative and detective control measures have been established regarding computer viruses.
* For each relationship with a third-party service provider, a formal contract is defined and agreed upon.
IT Audit Program
Comments
Download
This audit program is only available to Free subscribers. Please log in or sign up for a subscription to get this audit program.
Subscription Level
FreeLanguage
English.jpg "Protiviti KnowledgeLeader")
