Internal Controls
Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.
60
0%
Current Internal Controls
0
0%
New Internal Controls
0
0%
Updated Internal Controls
|
Actions
|
Title | Objective | Audit Methodology | Audit Success Criteria | Maintenance Task | Policies |
|---|---|---|---|---|---|---|
|
Badge Reviews
|
Ensure all active badges belong to current employees and contractors.
|
Input:
- List of employees that left the company since the last audit - List of all badges assigned to each employee Analysis: - Review if the badge assigned to a former employee is disabled or enabled (to a different employee) Output: - Spreadsheet with the analysis; column A includes the employee and a check mark on column B if the former employee has no valid badge assigned. |
There are no active cards assigned to ex-employees.
|
NA
|
Physical Security Standards | |
|
CCTV
|
Monitor access and specific areas in offices in order to prevent incidents or document evidence.
|
Input:
- CCTV recordings from all branches offices entrance door Analysis: - Validate recordings exist for up to 90 days Output: - Spreadsheet with the camera name (column A); office (column B) and a check mark if recordings for at least 90 days have been found. |
CCTV has at least 90 days of recording.
|
NA
|
Physical Security Standards | |
|
Datacenter Security
|
Ensure server rooms and datacenters comply with our policies and standards.
|
Input:
- Datacenter standards document Analysis: - Visit each site and make sure they comply with standards Output: - Spreadsheet with the analysis for each standard requirement a Yes / No. |
%100 compliance
|
NA
|
Physical Security Standards | |
|
Fire and Motion Detectors
|
Ensure that fire and unauthorized access in branch offices was prevented and controlled
|
Input:
- Monthly maintenance report from our supplier Analysis: - Make sure the monthly service has been completed - Make sure none fire extinguishers is not expired. Evidence: - Screenshot of every fire extinguisher - Sensors report reviewed |
All fire detectors and motion detectors are operating fire extinguishers are not expired.
|
Our fire sensor supplier must perform a monthly report.
|
Physical Security Standards | |
|
Visitor Log Reviews
|
Ensure all visitors have been properly registered before allowing them access to the office
|
Input:
- CCTV footage of the entrance camera for the last 90 days - Visitor Logs Analysis: - Review %10 of all visitors entry and ensure the log corresponds with CCTV Output: - Screenshots and spreadsheet with the entries reviewed |
All items reviewed have corresponding CCTV footage that validates the visitor log was properly completed.
|
NA
|
Physical Security Standards |