SOX.2.0.14:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:21, 14 June 2006 by Tdspain (talk | contribs)


1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.
a. SOX.2.0.14 Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.



Testing Procedures

Select a sample of third-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s policies and procedures.


Testing Frequency

Quarterly validation of all systems within scope.

Evidence Archive Location

Insert hyperlink or location of evidence archive.

Control Stewards Process Narrative

Insert Narrative here.


Control Steward – Steve Somebody

Process Illustration

Replace this text by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.

Control Status and Auditors Commentary

The control is effective.



Status is acceptable.

Control Exception Commentary

Status is acceptable.

Remediation Plan

Remediation is not required at this time.