Download IT General Control (ITGC) Audit Program Template


ITGC IT General Control
So basically what is the simplest approach for ITGC? do we should check every changes and modification in our application and infrastructure? or do we should only focus to significant one? The simplest approach is by using minimum requirement by the government/regulation. So here is some scope of ITGC based on Sarbanes Oxley Section 404

Program Development Program Change
Acquire or develop application software The organization's system development life cycle (SDLC) includes security, availability and processing integrity requirements of the organization.

Acquire or develop application software An adequate SDLC methodology has been established to serve as a basis for controlling development and maintenance activities, and the SDLC methodology is consistent with business and end-user strategies and objectives.

Logical Access
Ensure systems security An information security policy exists and has been approved by an appropriate level of executive management.

Computer Operation
Define and manage service levels Service levels are defined and managed to support business user system requirements.


Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Facebook
  • Google
  • Yahoo
  • Technorati
  • Icerocket
AttachmentSize
ITGeneralControl.xls28.5 KB

Trackback URL for this post:

http://www.securityprocedure.com/trackback/296

User login

Who's online

There are currently 0 users and 7 guests online.