Information Systems Audit Program (cont.)

PHYSICAL SECURITY CONTROLS

Step 5. Assess the adequacy of physical security over the computer system hardware and storage media.

Step 6. Determine whether an adequately trained backup system security administrator has been designated.

Step 7.
a. Assess the adequacy of backup procedures for system software and data. The procedures should include periodic backups as necessary (daily, weekly, monthly), off-site storage at a secure location, and rotation of backup media.
b. Verify that at least one alternative set of processes exists for each key assumption (transportation, communications, staffing, processing facilities, etc.).
a. Assess the reasonableness of the access capabilities assigned to each user.
b. Confirm that user IDs of terminated employees are suspended in a timely manner.
c. Confirm that system access capabilities of transferred employees are adjusted accordingly.