Security Audit Program CIOs can use as a benchmark
ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant
Security Audit Program CIOs can use as a benchmark - Many organizations have to respond to the queries of internal or external auditors and demonstrate that access to their unstructured data is being properly controlled. Questions such as the following from auditors are not uncommon:
- How do you know who can access this folder with financial/customer/sensitive data in it?
- Who authorized a user to have access permission to a file and how?
- If a key file was deleted, how would you know it happened, or who did it?
- Who were the last people to access a critical folder, and what did they do?
- How do you make sure that the right people have access to your data?
After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Security Audit Program you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings. The audit program is one that either an external auditor, internal auditor can use to validate the compliance of the Information Technology and the enterprise to ISO 28000 (Supply Chain Security Management System), ISO 27000 Series (ISO 27001 & ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.
The 11 areas of audit focus and objectives are:
- Corporate Security Management
- Systems Development and Maintenance
- Information Access Control Management
- Compliance Management
- Human Resource Security Management
- Information Security Incident Management
- Communications and Operations Management
- Organizational Asset Management
- Physical and Environmental Security Management
- Security Policy Management
- Disaster Recovery Plan and Business Continuity
Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:
- Read me - General instructions on the use of the Excel worksheets
- Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit. The point summary on this work sheet is calculated automatically by Excel.
- Audit Program Detail - Lists over 400 detail tasks the need to be completed in the audit and the relative point value of each task. The only thing that the user needs to do is check the yes or no on each item and re-assign a relative point value for each task.
- Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area. The point summary on this work sheet is calculated automatically by Excel and the graph is automatically updated.
- Sample Audit Program - This is copy of the Audit Program Detail with data entered into the individual tasks.
- Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.
- Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program plus a chart has been added to show the positive and negative points of the audit. (see chart below)
This is a summary graphic that was produced from the Excel worksheet provided as the Audit Program. In the sample above it is easy to see those areas where improvement is need.
Security Audit Program
- Comes in MS EXCEL and PDF formats
- Meets ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD
Over 3,000 enterprises from around the world have chosen at least one of Janco's products. The Security Audit program is a must have tool that not only assists in meeting compliance requirements but also is a great way to validate that your enterprise is ready for your next external audit.
DRP and Security Audit
- Disaster Recovery Business Continuity - Standard edition
- Security Manual Template - Standard Edition
- Security Audit Program
- DR/BC Audit Program
Security Manual Template - Standard Edition
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Toolkit
- Security Management Checklist
- Full Detail Policies for
- Blog and Personal Website Policy
- Mobile Device Policy
- Physical and Virtural File Server Policy
- Sensitive Information Policy
- Travel and Off-Site Meeting Policy
- HIPAA Audit Program
- GDPR Compliance Checklist to meet EU Requirements
- California Consumer Privacy Act requirements definition
- Consumer Bill of Rights
- Sarbanes Oxley Section 404 Checklist
- Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets GDPR, ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
- Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgement Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
- eReader version of the Security Manual Template
Disaster Recovery Business Continuity Template (WORD) - comes with the latest electronic forms and is fully compliant with all mandated US, EU, and ISO requirements.
- Fully editable Disaster Recovery Business Continuit template
- Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031, ISO 22301, and ISO 28000
- Disaster Recovery Manager Job Description
- Manager Disaster Recovery & Business Continuity Job Description
- Application Inventory and Business Impact Analysis Questionnaire
- Incident Communication Plan and Policy with BEST PRACTICES for
- News Conferences
- Media Relations
- Social Network Checklist
- Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electronic Forms that can be e-mailed, completed via a computer or tablet, and stored electronically including:
- LAN Inventory, Location Contact Numbers, Off-Site Inventory, Personnel Locations, Plan Distribution, Remote Location Contact Information, Server Registration, Team Call List, and Vendor Contact Information
- Added Bonus - Safety Program Electronic Forms -- Area Safety Inspection, Employee Job Hazard Analysis, First Report of Injury, Inspection Checklist - Alternative Locations, Inspection Checklist - Office Locations, New Employee Safety Checklist, Safety Program Contact List, and Training Record