Audit Templates (Standalone)

Identification of Risks/Cybersecurity Governance

For each of the following practices employed by the Firm for management of information security assets, please provide the month and year in which the noted action was last taken; the frequency with which such practices are conducted; the group with responsibility for conducting the practice; and, if not conducted firm wide, the areas that are included within the practice. Please also provide a copy of any relevant policies and procedures.

• Physical devices and systems within the Firm are inventoried.
• Software platforms and applications within the Firm are inventoried.
• Maps of network resources, connections, and data flows (including locations where customer data is housed) are created or updated.
• Connections to the Firm’s network from external sources are catalogued.
• Resources (hardware, data, and software) are prioritized for protection based on their sensitivity and business value.
• Logging capabilities and practices are assessed for adequacy, appropriate retention, and secure maintenance.

For the rest of the procedures login and download the template.