Pre-Audit Procedures: Is your organization prepared for an audit?
Governance: Does your organization understand the Service Provider services and resources being used? Has your organization’s risk management program taken into account use of Service Provider?
Asset Configuration and Management: Does your organization manage operating system and application security vulnerabilities to protect the security, stability, and integrity of the asset?
Logical Access Control: Does your organization understand how users and permissions are set-up in Service Provider? Doesyour organization securely manage the credentials associated with your Service Provider accounts?
Data Encryption: Does your organization understand where your organization’s data resides and how is it protected?
Network Configuration and Management: Does your organization understand the network architecture of your Service Provider resources?
Security Logging and Monitoring: Are your organization’s systems residing on Service Provider logged and monitored?
Security Incident Response: Does your organization’s incident management plan and processes include systems in the Service Provider environment?
Disaster Recovery: Does your organization’s disaster recovery strategy include systems in the Service Provider environment?
Workbook with multiple worksheets. Download this template to review the detail audit programs and controls.
All materials contained on this site are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, broadcast, performed nor used to prepare derivative works, without the prior written permission of AuditNet®. You may not alter or remove any trademark, copyright, logo or other notice from copies of the content. For further information, see section 1 of the Terms and Conditions and section 2 of the Subscriber Access Agreement.