Policy Application Checklist (Administrative Utility)

This checklist supports the efforts of departmental managers in tracking policies applicable to the organization(s) and system(s). The checklist is designed to facilitate administration of the entire policy lifecycle—from draft through adoption, publication, communication, review, and revision.

How to Use this Checklist

Required Policies

By default, the checklist marks these policies as required for [variable: Covered Organization or system(s)], based on the nature of the Information Resources used by the organization. For each policy in the list:

  • Indicate “YES” in each column where the column heading indicates a true statement
  • Note a targeted completion date in each column where the column heading indicates a condition that is not yet met

Optional Policies

The checklist does not indicate whether these policies are required. [variable: Covered Organization or system(s)] should verify whether each policy is required, based on 1) the nature of the Information Resources used by the organization, and 2) the requirements statement noted by each policy title.

If [variable: Covered Organization or system(s)] falls under the policy requirements noted:

  • Indicate “YES” under the “Required” column heading
  • Indicate “YES” under each additional column heading that indicates a true condition
  • Note a targeted completion date in each column where the column heading indicates a condition that is not yet met

If the policy is not required based on the requirements statement, simply mark the “Required” column “No.”

Policy Checklist Form

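| Policy | Required | Drafted | Published | Approved | Adopted | Communicated | Revised |
|---|---|---|---|---|---|---|---|
| Acceptable Use | Yes | | | | | | |
| Account Management | Yes | | | | | | |
| Special Access Management | Yes | | | | | | |
| Change Management | Yes | | | | | | |
| Contingency Planning | Yes | | | | | | |
| Incident Response | Yes | | | | | | |
| Marking, Handling, Processing, Storage, and Disposal of Data | Yes | | | | | | |
| Data Backup and Storage | Yes | | | | | | |
| Account Access and Passwords | Yes | | | | | | |
| Physical Access | Yes | | | | | | |
| Privacy | Yes | | | | | | |
| Security Training | Yes | | | | | | |
| Software License Management | Yes | | | | | | |
| Virus Detection | Yes | | | | | | |
| Intrusion Detection (Required for networked environments) | ? | | | | | | |
| Network Access | ? | | | | | | |
| Network Configuration | ? | | | | | | |
| Portable Computing (Required for organizations supporting laptops, PDA, or other portable devices or media) | ? | | | | | | |
| Network Security Monitoring | ? | | | | | | |
| Server Hardening | ? | | | | | | |
| Secure Software Development Lifecycle (Required for environments where software is developed) | ? | | | | | | |
| Vendor Access (Required for environments where third-parties access information resources) | ? | | | | | | |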

References

Tool model(s)

State of Texas, Department of Information Resources

 
