close

What Is Truth to Power?

[+] A research and advisory resource...

dedicated to bridging the gaps between governance and practice, technology and business, regulation and control, risk management and real market pressures, and your own knowledge and the knowledge of your peers.

[+] An open forum and community...

built to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.

[+] A plexus nexus...

a neutral hub through which you can reach many valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.

[+] A rebellion...

against the idea that auditors, analysts, and consultancies can control information simply through their ability to collect and distill it. T2P's goal is to unlock the vast body of knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you digest and interpret it—without undue cost, bias, or hype.

Top Panel
WHAT IS T2P?
Top Panel
Development & Architecture, Technical

Guidance and standards for application development lifecycles, secure coding, and other technical efforts.

Rules & Standards RSS
Results 1 - 9 of 9 Add a new rule
Analysis, Selection, and Implementation of Electronic Document Management Systems (EDMS)
Issuer: AIIM
Country Multi

A set of procedures and activities, which should be considered and/or performed during all aspects of analyzing, selecting, and implementing electronic document management systems. Also includes a categorization of relevant national and international stan ...

ReviewRecommendPrintVisitReportClaim
Electronic Records Management Software Applications Design Criteria Standard (DoD 5015.2)
Issuer: US DoD
Country US

Applies to systems development efforts by the DoD its contractors. Sets forth baseline functional requirements for Records Management Application (RMA) software; defines required system interfaces and search criteria; and describes minimum of requirements

ReviewRecommendPrintVisitReportClaim
Evaluation and Report Language (EARL) 1.0 Schema
Issuer: W3C
Country Multi

This document describes the formal schema of the Evaluation and Report Language (EARL) 1.0. The Evaluation and Report Language is a vocabulary to express test results. The primary motivation for developing this language is to facilitate the exchange of te ...

ReviewRecommendPrintVisitReportClaim
Framework for Managing Technology Risk for IT Service Provider Relationships
Issuer: BITS
Country US

Helps financial services companies address control weaknesses in outsourced IT services. Coverage includes information security controls and audits, disaster recovery, vendor management, and cross-border considerations.

ReviewRecommendPrintReportClaim
Global Technology Audit Guide (GTAG) 8: Auditing Application Controls
Issuer: IIA
Country Multi

Guidance on the assessment and audit of application controls, relation of application controls to general controls, scoping of a risk-based control review, and execution of application control reviews. Developed for internal audit executives and auditors.

ReviewRecommendPrintVisitReportClaim
Health IT Test Methods: Draft Test Procedures
Issuer: NIST
TagsNISTHHShealth ITHITtesting
Country US

To encourage a more widespread adoption of interoperable health information technology, The American Recovery and Reinvestment Act of 2009 calls for the Office of the National Coordinator (ONC) for Health IT, in consultation with NIST, to recognize a prog ...

ReviewRecommendPrintVisitReportClaim
NIST SP 800-125: Guide to Security for Full Virtualization Technologies
Issuer: NIST
TagsNISTsecurityvirtualizationstandardgovernment
Country US

NIST Special Publication 800-125 discusses security concerns associated with full virtualization technologies for server and desktop systems, and gives recommendations for addressing these concerns.

ReviewRecommendPrintReportClaim
Organizational Transformation: A Framework for Assessing and Improving Enterprise Architecture Management (V2.0)
Issuer: US GAO
TagsGAOarchitectureroad mapmaturityframework
Country US

Effective use of an enterprise architecture (EA) is a hallmark of successful organizations and an essential means to achieving a desired end: having operations and technology environments that maximize institutional mission performance and outcomes. Among ...

ReviewRecommendPrintVisitReportClaim
Software Assurance Maturity Model (SAMM) 1.0
Issuer: OpenSAMM
Country Multi

An framework for risk-sensitive secure software development. SAMM includes guidance on: 1) Evaluating an organization's existing software security practices; 2) Building a balanced software security program in well-defined iterations; 3) Demonstrating con ...

ReviewRecommendPrintVisitReportClaim

T2P RECOMMENDS:

AuditNet logo
AuditNet is an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.

T2P RECOMMENDS:

The BeyeNETWORK provides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.

T2P RECOMMENDS:

IIA Logo

The Institute of Internal Auditors (IIA) is a powerful research and guidance organization focusing on audit principles and processes for business and IT functions. IIA guidance related to information control includes the Global Technology Audit Guide (GTAG) series and the Guide to the Assessment of IT Risk (GAIT) series.