Written by AIJanuary 21, 2024
Internal Audit Policy for IT Systems
IT Policy Article
-
Table of Contents
EDC Inc Internal Audit Policy for IT Systems
This policy outlines the internal audit procedures for IT systems at EDC Inc. It is designed to ensure the integrity, confidentiality, and availability of information assets. The policy applies to all IT systems, including those managed by IT Server Operations, IT Server Build Operations, IT-SOC, Corporate Physical Security, IT Security Operations, IT Monitoring Operations, IT Database Operations, and IT Audit and Compliance.
1. Purpose
The purpose of this policy is to establish guidelines for conducting internal audits of IT systems at EDC Inc. This includes the review of system access controls, data integrity, system performance, and compliance with applicable laws and regulations.
2. Scope
This policy applies to all IT systems and data at EDC Inc, including but not limited to:
- User and service accounts in Active Directory
- Inventory management tool (CMDB)
- Change Audit Board (CAB)
3. Roles and Responsibilities
The IT Audit and Compliance department is responsible for conducting internal audits of IT systems. The IT Director and Managers of each department are responsible for ensuring compliance with this policy within their respective departments.
4. Audit Procedures
The IT Audit and Compliance department will conduct audits in accordance with the following procedures:
- Review of system access controls to ensure that only authorized individuals have access to IT systems.
- Review of data integrity to ensure that data is accurate, complete, and reliable.
- Review of system performance to ensure that IT systems are operating efficiently and effectively.
- Review of compliance with applicable laws and regulations.
5. Patch Management
IT Server Operations is responsible for managing OS patching. Each server must be patched every 30 days, unless an “IT Exception” is approved by IT Security.
6. Reporting
The IT Audit and Compliance department will prepare a report summarizing the findings of the audit. This report will be submitted to the IT Director and Managers of each department for review and action.
7. Policy Compliance
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. Any suspected violations of this policy should be reported immediately to the IT Audit and Compliance department.
8. Policy Review
This policy will be reviewed annually by the IT Audit and Compliance department to ensure its continued relevance and effectiveness.
Summary
This policy provides a framework for conducting internal audits of IT systems at EDC Inc. It outlines the roles and responsibilities of the IT Audit and Compliance department and the IT Director and Managers of each department. The policy also details the audit procedures and reporting requirements. Compliance with this policy is mandatory for all employees.
You may also like
Archives
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |