Computer data protection checklist.
Does your top management understand that successful management and protection of computer information and data are critical to the operation of your business?
Have you written computer usage policies as part of the company policy manual?
If you have such policies, do they strictly prohibit use of pirated software?
Is someone in your organization responsible for solving your computer or software problems?
Is there an alternate problem solver?
Are you using the security features available on your hardware and network?
Are passwords periodically changed (at least every 180 days)?
Are security controls reviewed periodically?
Are the system's internal controls adequate for high-risk functions? (This is a general question intended to encourage planning; there is no universal right way to address this.)
Are computer reports with confidential information shredded?
Are critical components such as network servers and wire closets locked up, inaccessible to most employees?
Do employees treat sensitive company data as if they were their own secrets?
Have you ever quantified how long your business can afford to be without its critical systems?
Do you have a formal or informal business disaster recovery plan?
Do you have a method to continue carrying on business manually if your computers fail?
Do you have a contingency plan in case your computerized data become inaccessible?
Did you test your disaster recovery plan in the last 12 months?
Do you have a written or unwritten backup policy and procedure?
Is your staff adequately trained in performing the backup and restoring backed-up information?
Is backup performed daily as changes to data occur?
Are you performing a full backup at least once a week?
Is the backup function assigned to an individual? (Ideally, one person should be responsible.)
Does the person doing the backups have security rights to back up everything? (This person should have these rights.)
Is backup of the hard drive in each user's computer the responsibility of that user?
If the answer is yes, how is this being enforced? If the answer is no, who is responsible for backing up those individual hard drives?
Do you store any of the backups off site?
Is there a policy about who should take backups to the off-site facility?
Is the off-site location accessible to people who should not have access to your data?
If you have ever had to depend on backup, has it been reliable?
Do you have fewer than 5 to 10 sets of backup?
Are you backing up to some type of tape device?
Do you periodically review whether the system is storing adequate historical information for your organization's needs?
When you back up your computer system, do you write-verify the backup to ensure that it can be read?
Do you periodically review your backup strategy?
Does your equipment insurance cover laptops stolen from cars?
Are laptops and portable computers locked up out of view at night?
OTHER SECURITY ISSUES
Are important documents protected from fire and other disasters?
Do you have some business brochures, business cards, stationery and other materials off site in the event of a catastrophe?
Do you have business interruption insurance to cover recreating lost data in the event of a business catastrophe?
Publication: Journal of Accountancy
Date: Oct 1, 1995