SOX.2.0.14:: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
<br> | <br> | ||
::'''1. Risk: | ::'''1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.'''<br> | ||
:::a. [[SOX.2.0.14:|'''SOX.2.0.14''']] | :::a. [[SOX.2.0.14:|'''SOX.2.0.14''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.<br> | ||
<br> | <br> | ||
</blockquote> | </blockquote> | ||
Line 8: | Line 8: | ||
'''Testing Procedures''' | '''Testing Procedures''' | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
Select a sample of third-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s policies and procedures. .<br> | |||
<br> | <br> | ||
</blockquote> | </blockquote> | ||
Line 26: | Line 26: | ||
'''Control Stewards Process Narrative''' | '''Control Stewards Process Narrative''' | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
<p><font color=#008000> | <p><font color=#008000>Insert Narrative here.</font></p> | ||
<br> | <br> |
Latest revision as of 18:21, 14 June 2006
- 1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.
- a. SOX.2.0.14 Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.
Testing Procedures
Select a sample of third-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s policies and procedures. .
Testing Frequency
Quarterly validation of all systems within scope.
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Insert Narrative here.
Control Steward – Steve Somebody
Process Illustration
Replace this test by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
File:Greenlock.jpg
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.