How to Handle the IT Auditor - A Simple Checklist
1. Help the auditor gather information.
2. Do not expect to see the audit report.
3. If asked for a response, provide it promptly.
4. Work with internal audit to identify key risks for the organization.
5. If an external audit is expected, talk with system administrators to learn how they are implementing security policies and procedures.
6. Conduct a mock audit before a real one to identify potential findings.
Financial Institution Contingency Plans for Service Provider and Third Party Services
1. Identify all the categories and sources of data input into the service provider’s systems by the thrift. Usually, these items are limited to branch and back-office online terminal input. Other items of input, such as automated teller machine (ATM) transactions, automated clearinghouse (ACH) transactions, and in-clearings ('on us' checks negotiated outside of the institution), are usually the responsibility of vendors that provide the respective processing services.
2. Describe the steps required to recover previously input data and prepare them for resubmission when requested by the service provider. (Institution management should realize that if the disaster takes place on a business day, online data entered on that day will not have been backed up offsite and will likely be lost.)
Corporate Antivirus and End Point Security Policy
The Corporate Antivirus and End Point Security Policy applies to the use of all ICT equipment within the company. It sets the standards for the deployment of antivirus software, states the position of the Trust, and sets out the obligations that all members of staff have in ensuring the security and stability of the corporate infrastructure. This policy is designed to protect the Trust and individuals.
Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Service Provider Due Diligence Checklist
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule service provider due diligence checklist:
1. Describe your organization's administrative, technical, and physical safeguards over non-public financial information to which you may have access if you are selected as the University's vendor. Note that these safeguards must be appropriate to the size and complexity of your firm, the nature and scope of your activities, and the sensitivity of customer information at issue. Use as many pages as necessary to respond.
2. Describe your current or planned procedures for detecting and responding to breaches of security re: access to such non-public financial information. Use as many pages as necessary to respond.
3. Has your organization designated an employee or employees to coordinate the information security program?
Five Types of Organizational IT Capacity Planning
Each organization has its own style and level of maturity in its IT capacity planning process. Here are the five types of organizational IT capacity planning that most organizations use:
Type 1:
Style: Reactive, firefighting
Type 2:
Style: Efficient: professional and sophisticated firefighting
Type 3:
Style: Fewer fires; analysis of problems, start of process improvement