IT General Controls Audit
The IT General Controls audit is a comprehensive information technology/security audit based on requirements of:
     FFIEC IT Handbooks.
     Interagency Guidelines Establishing Information Security Standards (Regulation H, Appendix D-2).
     Payment Card Industry (PCI) Data Security Standard.
     ISO 27001 Information Security Management System.
     Other related information technology and information security standards.

 

The Scope Of The IT General Controls Audit Includes:
        
Information Security Program
Assessing compliance with the information security requirements of the Gramm-Leach-Bliley Act (GLBA) and Interagency Guidelines Establishing Information Security Standards (Appendix D-2 of Regulation H).

      Information Security Program
      Information Technology Risk Assessment
      Information technology administration/strategic planning
      Information security training and awareness
      Information technology audit/independent review program
      Vendor management/service provider oversight
      Incident Response Program
   
IT General Controls

Evaluating the existence and effectiveness of internal controls in place over the Information Security Program and related information technology processes as they relate to the security, confidentiality, and integrity of sensitive customer information.
     Access Controls – Core Processing System
     Access Controls – LAN/WAN
     Data Classification/Handling and Encryption
     Patch/Update Management
     Malware Protection
     Physical and Environmental Security – Data Center
     Mobile Security
     Project Management/System Change Management
     Intrusion Prevention & Managed Network Device Administration
     Remote Access/Telecommunications
     Remote Deposit Capture
     Backup and Tape Management
     Disaster Recovery and Business Continuity Management
     Websites
     Online Banking & Bill Payment
     Phone Banking
     ACH/Wire Transfer Security
     Access Controls – Branch Capture/Imaging System
     Identity Theft Prevention

   


   
Information Security Program Audit

The Information Security Program audit is a high-level pre-IT Examination audit based on the requirements of:
      FFIEC IT Handbooks.
      Interagency Guidelines Establishing Information Security Standards (Regulation H, Appendix D-2).

The Scope of the Information Security Program Audit Includes:
   
Assessing compliance with the information security requirements of the Gramm-Leach-Bliley Act (GLBA) and Interagency Guidelines Establishing Information Security Standards (Appendix D-2 of Regulation H).
      Information Security Program
      Information Technology Risk Assessment
      Information technology administration/strategic planning
      Information security training and awareness
      Information technology audit/independent review program
      Vendor Management/Service Provider Oversight
      Incident Response Program
  
Additional control areas can be added to the scope of the audit.

   

 
   
     
 
   
   


Maize & Blue Consulting, LLC 7612 W Emily Street Sioux Falls, South Dakota  57106 Phone: (605) 261-1615
   