Internal Controls

Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.

60

0%
Current Internal Controls

0

0%
New Internal Controls

0

0%
Updated Internal Controls
Actions
Title
Objective
Audit Methodology
Audit Success Criteria
Maintenance Task
Policies
Badge Reviews
Ensure all active badges belong to current employees and contractors.
Input:
- List of employees that left the company since the last audit
- List of all badges assigned to each employee

Analysis:
- Review if the badge assigned to a former employee is disabled or enabled (to a different employee)

Output:
- Spreadsheet with the analysis; column A includes the employee and a check mark on column B if the former employee has no valid badge assigned.
There are no active cards assigned to ex-employees.
NA
Physical Security Standards
CCTV
Monitor access and specific areas in offices in order to prevent incidents or document evidence.
Input:
- CCTV recordings from all branches offices entrance door

Analysis:
- Validate recordings exist for up to 90 days

Output:
- Spreadsheet with the camera name (column A); office (column B) and a check mark if recordings for at least 90 days have been found.
CCTV has at least 90 days of recording.
NA
Physical Security Standards
Datacenter Security
Ensure server rooms and datacenters comply with our policies and standards.
Input:
- Datacenter standards document

Analysis:
- Visit each site and make sure they comply with standards

Output:
- Spreadsheet with the analysis for each standard requirement a Yes / No.
%100 compliance
NA
Physical Security Standards
Fire and Motion Detectors
Ensure that fire and unauthorized access in branch offices was prevented and controlled
Input:
- Monthly maintenance report from our supplier

Analysis:
- Make sure the monthly service has been completed
- Make sure none fire extinguishers is not expired.

Evidence:
- Screenshot of every fire extinguisher
- Sensors report reviewed
All fire detectors and motion detectors are operating fire extinguishers are not expired.
Our fire sensor supplier must perform a monthly report.
Physical Security Standards
Visitor Log Reviews
Ensure all visitors have been properly registered before allowing them access to the office
Input:
- CCTV footage of the entrance camera for the last 90 days
- Visitor Logs

Analysis:
- Review %10 of all visitors entry and ensure the log corresponds with CCTV

Output:
- Screenshots and spreadsheet with the entries reviewed
All items reviewed have corresponding CCTV footage that validates the visitor log was properly completed.
NA
Physical Security Standards