35. Do we run anti-virus software on servers on all Microsoft platforms?
36. Is dial-in access into the system/network controlled by authentication and logs?
37. Are all our email servers configured to check all incoming and outgoing emails for viruses, spam and other threats?
38. Can only authorised staff access operating system utilities and perform software upgrades and administration of network components?
39. Do we only allow VPN access to computers that implement antivirus software and a personal firewall?
40. Do we have a process in place to cancel anyone's VPN access rights as soon as their reason for having the VPN is invalidated?
41. Do we use automated tools to assess system/network vulnerabilities?
Do we have a backup power system for our offices?

Protection of customer personal information (in addition to security measures stated elsewhere in this audit checklist)

54. Do we only give access to personal information to a person who is verified to be able to receive that information?
55. Are controls in place to restrict Auscred Services staff's ability to transmit customer personal information outside of Auscred Services?
56. Do we have a way of identifying and managing solicited information versus unsolicited information?
57. Do we have a way of identifying and managing sensitive information?

Security awareness and education

58. Do we train all Auscred Services staff regarding the above on a regular recurring basis?
59. Do we conduct periodic spot-checks of Auscred Services staff's workspace for security-related compliance (such as compliance with any clean desk policy)?

Disaster recovery

60. Do we follow our documented procedures for backup and recovery?

Note: IT backup is an important component of our BCP. For example, our BCP provides that we do these things to minimise the risk of loss of electronic documents – some documents are scanned to tape, and softcopies are held by business units; remote replication; and disk