SOX.2.0.14:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;">
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;">
<br>
<br>
::'''1. Risk: Insufficient controls over processing accuracy by a third-party service provider may result in inaccurate financial results.'''<br>
::'''1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.'''<br>
:::a. [[SOX.2.0.14:|'''SOX.2.0.14''']] A designated individual is responsible for regular monitoring and reporting on the achievement of the third-party service-level performance criteria.<br>
:::a. [[SOX.2.0.14:|'''SOX.2.0.14''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.<br>
<br>
<br>
</blockquote>
</blockquote>
Line 8: Line 8:
'''Testing Procedures'''
'''Testing Procedures'''
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
Determine if the management of third-party services has been assigned to appropriate individuals. Review the assignments listing and agree the listing to an active employees roster. <br>
Select a sample of third-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s policies and procedures. .<br>
<br>
<br>
</blockquote>
</blockquote>
Line 26: Line 26:
'''Control Stewards Process Narrative'''
'''Control Stewards Process Narrative'''
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
<p><font color=#008000>The AIX operating system prevents the addition of duplicate Ids. Furthermore, the regular review of administrator IDs listed above serves as a backstop for this control.</font></p>
<p><font color=#008000>Insert Narrative here.</font></p>


<br>
<br>

Latest revision as of 18:21, 14 June 2006


1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.
a. SOX.2.0.14 Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.



Testing Procedures

Select a sample of third-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s policies and procedures.


Testing Frequency

Quarterly validation of all systems within scope.

Evidence Archive Location

Insert hyperlink or location of evidence archive.

Control Stewards Process Narrative

Insert Narrative here.


Control Steward – Steve Somebody

Process Illustration

Replace this text by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.

Control Status and Auditors Commentary

The control is effective.


File:Greenlock.jpg

Status is acceptable.

Control Exception Commentary

Status is acceptable.

Remediation Plan

Remediation is not required at this time.