IT General Controls Audit
The IT General Controls audit is a comprehensive information technology/security audit based on requirements of:
- FFIEC IT Handbooks.
- Interagency Guidelines Establishing Information Security Standards (Regulation H, Appendix D-2).
- Payment Card Industry (PCI) Data Security Standard.
- ISO 27001 Information Security Management System.
- Other related information technology and information security standards.
The Scope Of The IT General Controls Audit Includes:
Information Security Program
Assessing compliance with the information security requirements of the Gramm-Leach-Bliley Act (GLBA) and Interagency Guidelines Establishing Information Security Standards (Appendix D-2 of Regulation H).
- Information Security Program
- Information Technology Risk Assessment
- Information technology administration/strategic planning
- Information security training and awareness
- Information technology audit/independent review program
- Vendor management/service provider oversight
- Incident Response Program
IT General Controls
Evaluating the existence and effectiveness of internal controls in place over the Information Security Program and related information technology processes as they relate to the security, confidentiality, and integrity of sensitive customer information.
- Access Controls – Core Processing System
- Access Controls – LAN/WAN
- Desktop Management
- Data Classification/Handling and Encryption
- Patch/Update Management
- Malware Protection
- Physical and Environmental security
- Project Management/Systems Change Management
- Intrusion Prevention & Network Device Administration
- Remote Access
- Telecommunications/Teleworking
- Remote Deposit Capture
- Backup and Tape Management
- Disaster Recovery and Business Continuity Management
- Websites
- Online Banking
- Phone Banking
- ACH Security
- Wire Transfer Security
- Access Controls – Branch Capture/Imaging System
- Identity Theft Prevention
Information Security Program Audit
The Information Security Program audit is a high-level pre-IT Examination audit based on the requirements of:
- FFIEC IT Handbooks.
- Interagency Guidelines Establishing Information Security Standards (Regulation H, Appendix D-2).
The Scope Of The IT General Controls Audit Includes:
Assessing compliance with the information security requirements of the Gramm-Leach-Bliley Act (GLBA) and Interagency Guidelines Establishing Information Security Standards (Appendix D-2 of Regulation H).
- Information Security Program
- Information Technology Risk Assessment
- Information technology administration/strategic planning
- Information security training and awareness
- Information technology audit/independent review program
- Vendor Management/Service Provider Oversight
- Incident Response Program
Reviewing access controls over the following systems:
- Core Processing System
- LAN / WAN
Additional control areas can be added to the scope of the audit.