Kentucky DOI:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:42, 23 June 2006 by Mdpeters (talk | contribs)

MANAGEMENT CONTROL

Applicability:

Sarbanes-Oxley
HIPAA
GLBA
PCI
FISMA
NIST SP 800-66
DITSCAP
DOI
Control Exception
User Defined


Risk Association Control Activities:


1. KY DOI A.1 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.



2. KY DOI A.2 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.



3. KY DOI A.3 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.



4. KY DOI A.4 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.



5. KY DOI A.5 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.


Implementation Guide:
Section A – No scoping note included, as completion of this section is required for all companies.

Supplemental Information:

--Mdpeters 08:26, 23 June 2006 (EDT)