IT AUDIT CHECKLIST
www.RivialSecurity.com
Software Development Controls
User Awareness Controls
Data Protection Controls
Asset Management Controls
Security Program Controls
Change Management Controls
Disaster Recovery Controls
Vendor Management Controls
Incident Management Controls
☐ Software development lifecycle established
☐ Secure coding and web app firewall/security testing
☐ Users trained on security
☐ Background checks for new employees
☐ Duties separated and documented
☐ Security logs collected and reviewed
☐ Encryption in transit and at rest
☐ Data classification
☐ USB restrictions in place
☐ Removal of data from storage media
☐ Hardware and software inventoried
☐ Installation of unauthorized software, utility and audit tools prohibited
☐ System capacity and performance monitored
☐ Risk assessments regularly performed
☐ Risks mitigated to acceptable levels
☐ Information security policies approved and in place
☐ Periodical independent audits performed
☐ Process for change management instated
☐ Inventory of IT assets
☐ Backups for systems and data
☐ Disaster recovery plan established and regularly tested
☐ Business impact analysis plan established and regularly tested
☐ Security clauses included in contracts
☐ SLAs are monitored
☐ Vendor incident notifications sent to subservice organizations
☐ Incident response plan instated and regularly tested
☐ Customers notified following vendor incidents