IT General Controls

IT ENVIRONMENT, LANDSCAPE AND OVERALL SCOPING

  • Understanding of IT Landscape – Team Size, IT Organization Chart, List of Locations and Server Inventory.
  • List of IT Systems.
  • In-scope applications – Applications, Operating System (OS) and Database.
  • Review of IT Policies.
  • Other internal / external IT Audit reviews.
  • Third Party Vendors assisting the IT Team.
  • Company approach on Audit Trails, Backups.
  • Any incidents of breach / ransomware attacks etc. in the last 3 years.
  • Software license monitoring / outdated software.

ACCESS MANAGEMENT

  • Access Provisioning.
  • Access De-provisioning.
  • Privileged Access – whether appropriate.
  • Password Parameter Configurations – whether in line with Policy.
  • HR List of New Joinees and Separation.
  • List of New Joinees and Separation – from In-scope Application.
  • Reconciliation of HR List with Application list.
  • User Access Review.
  • AD authentication or separate Application specific authentication.
  • Monitoring the activities of Privileged users.

CHANGE MANAGEMENT / PROGRAM DEVELOPMENT

  • Workflow / solution in place.
  • Approval workflow before deploying the changes into Production – UAT Approvals, Go-Live Approvals, Change Advisory Board (CAB) approvals.
  • Test Environment / Development Environment.
  • Segregation of Duties.
  • Change Management Monitoring Control.
  • Software Procurement as per Management Approvals.

IT OPERATIONS / NETWORK

  • Anti-virus / malware in place.
  • USB, Bluetooth access disabled.
  • Bitlocker encryption / any other data encryption.
  • VPN access for remote login.
  • Firewall policy and monitoring rules.
  • Vulnerability Assessment and Penetration Testing - done internally and externally.
  • Incident Management solution in place.
  • BCP / DR plan in place and drills conducted periodically.
  • Batch jobs / scheduled jobs - IT related, Process related - EOD, BOD, Interface controls - A to B.
  • Success / failure notifications received for the batch jobs / scheduled jobs.

DATA CENTER & BACKUP CONTROLS

  • How access to the data center is controlled - Access Card, Biometric etc.
  • How visitor access is controlled.
  • Environmental controls and basic hygiene.
  • Data center visit.
  • How the Vendor SLA is monitored.
  • Backup
  • Backup configuration schedule.
  • Backup restoration tests / Mock Drills.
  • Access to Backup configuration restricted to authorized personnel.