check who has signed the agreements, IS auditors are also required to check how the
agreements are being enforced.
Data Storage Controls
Data captured using the application system is stored on internal or external storage. Data
stored on storage systems needs to be protected from unauthorised users and from
physical damage. Storage systems are themselves also subject to environmental controls to
ensure that they are protected from environmental hazards.
In this era of big data, the need for sufficient storage to enable various types of data
analytics is high and ever increasing. This also means that enterprises need to apply
extra measures to ensure that data storage devices are protected and effective controls are
applied.
a) How is access to data stored on external backup storage granted?
Access to external backup storage and backup systems requires special access rights
normally reserved for system owners and administrators. The practice may be different in
other enterprises, which might grant access to certain users or to IT staff only. Backup data is
stored on external storage which can be accessed online or by manually loading data from
external storage media. Data can also be kept on large virtual storage servers and users will
not notice the difference.
The IS auditor will require evidence that there are controls on how backup data is accessed
and how access to backup data on external storage is granted. Authorisation will normally
be granted on a need-to-know basis. As in other answers above, evidence can be obtained
from access control data and other documentation on access rights maintained by the
enterprise.
b) What procedure does the enterprise have for ensuring data integrity?
Data integrity involves ensuring that data is protected from accidental or deliberate
modifications by implementing input controls, processing controls, change controls, and data
storage controls. These controls can only be effective if they are properly designed and
regularly monitored by both management and other internal stakeholders.
In an enterprise, control procedures are developed to ensure data integrity and IS auditors
should be able to review these procedures by checking documentation and the controls
embedded in the application system. It is recommended that control procedures should be doc-