
Computer data protection checklist.

Making certain that computer information is protected is vital for any business or professional practice. The items on this Checklist will give CPAs and their clients a better understanding of some of the issues related to data security and protection and help them decide whether their systems should be modified. However, no final conclusions should be reached by completing this checklist without further review and consultation.

POLICIES

[] Does your top management understand that successful management and protection of computer information and data are critical to the operation of your business?
[] Have you written computer usage policies as part of the company policy manual?
[] If you have such policies, do they strictly prohibit use of pirated software?
[] Is someone in your organization responsible for solving your computer or software problems?
[] Is there an alternate problem solver?

SECURITY

[] Are you using the security features available on your hardware and network?
[] Are passwords periodically changed (at least every 180 days)?
[] Are security controls reviewed periodically?
[] Are the system's internal controls adequate for high-risk functions? (This is a general question intended to encourage planning; there is no universal right way to address this.)
[] Are computer reports with confidential information shredded?
[] Are critical components such as network servers and wire closets locked up, inaccessible to most employees?
[] Do employees treat sensitive company data as if they were their own secrets?

CONTINGENCY

[] Have you ever quantified how long your business can afford to be without its critical systems?
[] Do you have a formal or informal business disaster recovery plan?
[] Do you have a method to continue carrying on business manually if your computers fail?
[] Do you have a contingency plan in case your computerized data become inaccessible?
[] Did you test your disaster recovery plan in the last 12 months?

BACKUP

[] Do you have a written or unwritten backup policy and procedure?
[] Is your staff adequately trained in performing the backup and restoring backed-up information?
[] Is backup performed daily as changes to data occur?
[] Are you performing a full backup at least once a week?
[] Is the backup function assigned to an individual? (Ideally, one person should be responsible.)
[] Does the person doing the backups have security rights to back up everything? (This person should have these rights.)
[] Is backup of the hard drive in each user's computer the responsibility of that user?
[] If the answer is yes, how is this being enforced? If the answer is no, who is responsible for backing up those individual hard drives?
[] Do you store any of the backups off site?
[] Is there a policy about who should take backups to the off-site facility?
[] Is the off-site location accessible to people who should not have access to your data?
[] If you have ever had to depend on backup, has it been reliable?
[] Do you have fewer than 5 to 10 sets of backup?
[] Are you backing up to some type of tape device?
[] Do you periodically review whether the system is storing adequate historical information for your organization's needs?
[] When you back up your computer system, do you write-verify the backup to ensure that it can be read?
[] Do you periodically review your backup strategy?

LAPTOP COMPUTERS

[] Does your equipment insurance cover laptops stolen from cars?
[] Are laptops and portable computers locked up out of view at night?

OTHER SECURITY ISSUES

[] Are important documents protected from fire and other disasters?
[] Do you have some business brochures, business cards, stationery and other materials off site in the event of a catastrophe?
[] Do you have business interruption insurance to cover recreating lost data in the event of a business catastrophe?

COPYRIGHT 1995 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1995, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication: Journal of Accountancy
Date: Oct 1, 1995
Words: 599