Download free SysTrust Audit Framework Templates

SysTrust is an audit framework that was developed by the AICPA and Canadian Institute of Chartered Accountants (CICA) to provide a mechanism for service providers to complete an audit based on a predefined set of criteria for security, availability, processing integrity, and confidentiality. Whereas SAS 70 was intended to focus on financial transaction processing, SysTrust was designed to apply to the reliability of any system—focusing on the principles of security, availability, confidentiality, and processing integrity. As a result, it is particularly well suited to CSPs serving enterprise customers. SysTrust reports focus on the operating effectiveness of controls over a period of time. (Refer to Appendix B for example SysTrust report content.)
Policies
- Review and approval
- Specific security, availability, confidentiality, and processing integrity topics addressed
- Responsibility and accountability
- Recovery and continuity of service
- Monitoring of system capacity
Communications
- System description (defines audit scope)
- Communication of security, availability, confidentiality, and processing integrity obligations to users
- Responsibility and accountability communicated to responsible individuals
- Security breach process
- Communication of changes that impact system security, availability, confidentiality, and processing integrity
Procedures
- Logical access procedures and restrictions that allow users to access only their own data
- Physical access procedures and restrictions
- Protection of systems and data against unauthorized logical access
- Virus protection
- Protection of authentication information
- Security breach/incident handling procedures
- Procedures for addressing non-compliance
- Design and implementation of systems in accordance with policies
- Personnel qualifications
- Configuration management
- Change management, including emergency changes
- Protection of systems against availability risks
- Integrity and completeness of backups
- Disaster recovery/business continuity
- Completeness, accuracy, timeliness, and authorization of inputs, system processing, and outputs
Monitoring
- Periodic review of systems/controls based on policies
- Identification of potential impairments to ability to meet policies
- Monitoring of environmental and technological changes
| Free Download Attachment | Size |
|---|---|
| systrust-audit-framework-templates.xls | 21.5 KB |
| systrust-audit-framework-templates.xlsx | 10.62 KB |
| systrust-audit-framework-templates.png | 48.19 KB |








