IBM AS400 Security Procedures(3)

Auditor(s) Assigned Audit Date

Workpaper

Audit Objectives and Procedures Ref. By

________________________________________________________________________________________________________

Testing (Backup Procedures)

1. Select a critical application to be tested based on the scope of

the review.

2. Obtain a current backup schedule for the programs and data files

selected.

3. Identify critical files used with this application on the Volume

Table Of Contents (VTOC) listing.

4. Trace files on the VTOC to the backup schedule.

5. Locate backup files in on-site storage.

6. Verify that dates on backup media agree with backup schedule.

7. Locate backup files on off-site storage. 8. Verify that dates on backup media agree with backup schedule. 9. Describe the contents of off-site storage facility.

BACKUP PROCEDURES G/TEST

10

Page 1 of 1

Auditor(s) Assigned Audit Date

Workpaper

Audit Objectives and Procedures Ref. By

________________________________________________________________________________________________________

H. Disaster Recovery 1. Obtain a formal copy of the company's current disaster recovery plan.

2.

Obtain the company's list of employees and vendors to be contacted in the event of an emergency.

3.

Describe the method and extent of user involvement in the creation and maintenance of the plan.

4.

Ensure that all critical systems have been identified.

5.

Review interim manual procedures, prepared for users to continue processing critical transactions, for completeness.

6.

Review the documented results from the test of the disaster recovery plan.

7.

Review the disaster recovery plan for completeness. Some items to be considered in the review are: a.

Possible alternate processing sites.

b.

Alternate sites tested at least annually.

c.

Agreement exist for the use of the alternate sites.

d.

Availability of peripheral equipment.

e.

Defining critical systems to be processed.

f. Ability to process without key personnel.

g.

Ability to adapt plan to lesser disasters.

DISASTER RECOVERY

H/PROG

11

Page 1 of 1

Auditor(s) Assigned Audit Date

Workpaper

Audit Objectives and Procedures Ref. By

________________________________________________________________________________________________________

I.

Implementation/Change Controls 1.

Verify that a formal method of project control has been established which covers all phases for the development of new/modified systems.

Document the method and reports used to control and prioritize projects.

Review the justification proposal created for all new systems, or major enhancements to existing systems, which may include: a.

Scope and purpose of the system User requirements. Cost analysis. Time estimates.

2.

3.

b.

c.

d.

4.

5.

a.

b.

c.

d.

e.

6.

CHANGE CONTROL

I/PROG Page 1 of 3

Ensure the programming phase is properly supervised by EDP management.

Completion of a programming checklist. Required approval points.

Adherence to programming standards. Target dates for completion. The assignment of programmers.

Ensure that a detailed plan has been prepared and documented which should include:

Document the approval process to ensure that a steering committee or top management is involved.

12

Auditor(s) Assigned Audit Date

Workpaper

Audit Objectives and Procedures Ref. By

________________________________________________________________________________________________________

I.

Implementation/Change Controls (continued) 7. 8.

Verify that programmers perform all development work only in test libraries and using test data.

Document testing procedures established for all new/modified systems.

Ensure that users participate in the creation of test.

Verify that test results are reviewed by both EDP and User management to provide compliance with specifications.

Review the plan for converting new/modified systems from development to production. Does it include at a minimum: a. b. c.

The training of users.

Completion of documentation.

Defining user access requirements.

9.

10.

12.

13. < …… 此处隐藏：3508字，全部文档内容请下载后查看。喜欢就下载吧 ……