Computer data protection checklist.

Making certain that computer information is protected is vital for any business or professional practice. The items on this checklist will give CPAs and their clients a better understanding of some of the issues related to data security and protection and help them decide whether their systems should be modified. However, no final conclusions should be reached by completing this checklist without further review and consultation.

POLICIES

[] Does your top management understand that successful management and protection of computer information and data are critical to the operation of your business?
[] Have you written computer usage policies as part of the company policy manual?
[] If you have such policies, do they strictly prohibit use of pirated software?
[] Is someone in your organization responsible for solving your computer or software problems?
[] Is there an alternate problem solver?

SECURITY

[] Are you using the security features available on your hardware and network?
[] Are passwords periodically changed (at least every 180 days)?
[] Are security controls reviewed periodically?
[] Are the system's internal controls adequate for high-risk functions? (This is a general question intended to encourage planning; there is no universal right way to address this.)
[] Are computer reports with confidential information shredded?
[] Are critical components such as network servers and wire closets locked up, inaccessible to most employees?
[] Do employees treat sensitive company data as if they were their own secrets?

CONTINGENCY

[] Have you ever quantified how long your business can afford to be without its critical systems?
[] Do you have a formal or informal business disaster recovery plan?
[] Do you have a method to continue carrying on business manually if your computers fail?
[] Do you have a contingency plan in case your computerized data become inaccessible?
[] Did you test your disaster recovery plan in the last 12 months?

BACKUP

[] Do you have a written or unwritten backup policy and procedure?
[] Is your staff adequately trained in performing the backup and restoring backed-up information?
[] Is backup performed daily as changes to data occur?
[] Are you performing a full backup at least once a week?
[] Is the backup function assigned to an individual? (Ideally, one person should be responsible.)
[] Does the person doing the backups have security rights to back up everything? (This person should have these rights.)
[] Is backup of the hard drive in each user's computer the responsibility of that user?
[] If the answer is yes, how is this being enforced? If the answer is no, who is responsible for backing up those individual hard drives?
[] Do you store any of the backups off site?
[] Is there a policy about who should take backups to the off-site facility?
[] Is the off-site location accessible to people who should not have access to your data?
[] If you have ever had to depend on backup, has it been reliable?
[] Do you have fewer than 5 to 10 sets of backup?
[] Are you backing up to some type of tape device?
[] Do you periodically review whether the system is storing adequate historical information for your organization's needs?
[] When you back up your computer system, do you write-verify the backup to ensure that it can be read?
[] Do you periodically review your backup strategy?

LAPTOP COMPUTERS

[] Does your equipment insurance cover laptops stolen from cars?
[] Are laptops and portable computers locked up out of view at night?

OTHER SECURITY ISSUES

[] Are important documents protected from fire and other disasters?
[] Do you have some business brochures, business cards, stationery and other materials off site in the event of a catastrophe?
[] Do you have business interruption insurance to cover recreating lost data in the event of a business catastrophe?
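As an added example that is not part of the original checklist, the following POSIX shell script shows what the BACKUP items on write-verifying a backup and knowing it is reliable look like in practice: it archives a directory, records a checksum beside the archive, reads the archive back, and then test-restores it into a scratch directory and compares the result with the source. The function names and the sample file contents are constructed for this demonstration; the script assumes only that tar, cksum and diff are available.

```shell
#!/bin/sh
# Added example (not from the checklist): a backup that is write-verified by
# reading it back and test-restoring it. All paths are created at run time;
# function names and sample data are constructed for the demonstration.

# backup_dir SRC ARCHIVE: archive the contents of SRC into ARCHIVE and record
# a checksum next to it so the copy taken off site can be re-checked later.
backup_dir() {
    src="$1"; archive="$2"
    tar -czf "$archive" -C "$src" . || return 1
    cksum < "$archive" > "$archive.cksum" || return 1
}

# verify_backup ARCHIVE SRC: return 0 only if the archive is intact, readable,
# and restores to exactly the current contents of SRC.
verify_backup() {
    archive="$1"; src="$2"
    # 1. Media check: the archive still matches the checksum recorded when written.
    [ "$(cksum < "$archive")" = "$(cat "$archive.cksum")" ] || return 1
    # 2. Read-back check: every member of the archive can be listed.
    tar -tzf "$archive" > /dev/null || return 1
    # 3. Restore check: extract to a scratch directory and compare with the source.
    scratch=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$scratch" || { rm -rf "$scratch"; return 1; }
    if diff -r "$src" "$scratch" > /dev/null; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    return $rc
}

# Stand-alone demonstration on constructed sample data.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/data" || return 1
    printf 'client ledger, constructed sample\n' > "$work/data/ledger.txt"
    backup_dir "$work/data" "$work/backup.tgz" || return 1
    verify_backup "$work/backup.tgz" "$work/data" || return 1
    echo "backup verified: readable and restores identically"
    # A silently damaged archive must be caught by the checksum step.
    printf 'X' >> "$work/backup.tgz"
    if verify_backup "$work/backup.tgz" "$work/data"; then
        echo "damage NOT detected"; rm -rf "$work"; return 1
    fi
    echo "damaged backup detected"
    rm -rf "$work"
}

demo
```

The restore step is the one that answers "has it been reliable?" before a disaster rather than after it: listing an archive proves it can be read, but only a trial restore compared against the source proves it contains what was meant to be saved. The recorded checksum also gives the person who takes backups off site a way to confirm the copy is still intact without restoring it.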