Marked as deleted is changed in such a way that it


• Output report accuracy is reviewed and errors contained in output are controlled by cognisant personnel
• Clear definition of security issues during output, interfacing and distribution exists
• Security breaches during any phase are communicated to management, acted upon and reflected in new procedures as appropriate
• Process and responsibility of output disposal is clearly defined
• Destruction of materials used but not needed after processing is witnessed
• All input and output media are stored in an off-site location in the event of later need
• Information marked as deleted is changed in such a way that it can no longer be retrieved

KD Reference: ________________________________

For media library:

• Contents of media library are systematically inventoried
• Discrepancies disclosed by the inventory are remedied in a timely manner
• Measures are taken to maintain the integrity of magnetic media stored in the library
• Housekeeping procedures exist to protect media library contents
• Responsibilities for media library management have been assigned to specific members of IT staff
• Media back-ups and restoration strategy exists
• Media back-ups are taken in accordance with the defined back-up strategy and usability of back-ups is regularly verified
• Media back-ups are securely stored and storage sites periodically reviewed regarding physical access security and security of data files and other items

IT Audit Manual Volume III

No. | Item | Response (Yes / No) | KD

118

• Retention periods and storage terms are defined for documents, data, programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication
• In addition to the storage of paper source documents, telephone conversations are recorded and retained - if not in conflict with local privacy laws - for transactions or other activities that are part of the business activities traditionally conducted over telephones
• Adequate procedures are in place regarding the archival of information (data and programmes) in line with legal and business requirements and enforcing accountability and reproducibility

KD Reference: ________________________________

For information authentication and integrity:

• The integrity of the data files is checked periodically
• Requests received from outside the organisation, via telephone o...

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
