Scribd Logo
Unggah

Selamat datang di Scribd!

  • 0 List of Preliminary Requirements - IT Audit - JSIS 2015

    Diunggah oleh

    Ryan Pitts
    41 tayangan4 halaman
    audit

    Judul Asli

    0 List of Preliminary Requirements_ IT Audit _JSIS 2015

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    DOCX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    audit

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    41 tayangan4 halaman

    0 List of Preliminary Requirements - IT Audit - JSIS 2015

    Diunggah oleh

    Ryan Pitts
    audit

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 4

    Jindal Shadeed Iron and Steel Co LLC

    Preliminary list of Requirements


    IT Audit 2015
    Description

    Responsibilit
    y

    General
    1- IT organization chart (with personnel name and designation)
    2- IT policies and procedures manual (changes introduced this
    year)
    3- IT strategic plan and initiatives (Long term and Short Term)
    4- List of hardware platforms/operating system/database for the
    applications in audit scope. (Please provide the information
    in the attached sheet IT Environment Sheet.xlsx)

    To be provided
    by BASIS team

    5- Network diagram
    6- Applications interface diagram
    Not available

    To be provided
    by BASIS team

    7- Details of the WAN/LAN equipment and servers


    8- List of in-house developers application wise
    a. DEVJSPL2- Sandeep Chauhan
    b. DEVJSPL3- Anidhya Shori

    To be provided
    by BASIS team

    9- IT internal audit report carried out during the year (if any)
    10- Penetration test report (if performed)
    11- List of all employees currently employed with the entity with
    minimum fields like employee code, name, designation,
    department, date of joining
    12- List of employees joined, resigned and transferred during the
    year starting 01 Jan till date. The list should at minimum
    provide the following details:
    a. Employee full name
    b. Employee designation
    c. Employee code (HR code)
    d. Employee department/section
    e. Date of leaving/date of joining/date of transfer
    (Note: In case of internal transfers please provide transferred
    from and transferred to which department)
    Access Management
    13- Access Management (including access provisioning and deprovisioning) policies and procedures (please ignore if
    included in IT policies and procedures manual requested in
    point 2)

    To be provided
    by BASIS team

    14- List of all users including administrators on the applications


    in scope. The list of users should provide the following
    details:
    Has been separate excel sheet

    To be provided
    by BASIS team

    a. User name

    Jindal Shadeed Iron and Steel Co LLC


    Preliminary list of Requirements
    IT Audit 2015
    b. User id
    c. User access/profile assigned
    d. User status (Active/Disabled/Deleted)
    e. User creation date
    f.

    User deletion date

    g. Last login date


    15- List of all users including administrators on the underlying
    database and operating system of applications in scope.
    I.
    OS level User: IBM
    II.
    Database User: oraocp & root
    III.

    To be provided
    by BASIS team

    16- List of Active Directory users with administrators mentioning


    following details:
    a. User name
    b. User id
    c. User Status (Active/Disabled/Deleted)
    d. User creation date
    e. User deletion date
    f.

    Last login date

    17- Application account password configuration settings (for all


    the applications in scope).
    Password has been configured as alpha numeric
    minimum 8 characters with expiry of 60 days have been
    set in SAP.

    To be provided
    by BASIS team

    18- Database (s) (of applications in scope individually) account


    password configuration settings:
    Database(Oracle) standard password policy is applicable
    at database level.

    To be provided
    by BASIS team

    19- Active directory password policy


    20- Internet architecture and firewall security policy for review:
    Ask to Rajesh Sir for OMAN. We dont have.

    To be provided
    by BASIS team

    21- List of authorized personnel that have access

    To be provided
    by BASIS team

    I.
    II.

    to the server room (primary data center and DR data


    center);
    Mr. Virendra Sharma & Mr. Nilesh Chopra for Data
    Center via access card system.
    Mr. Sanowar Shah has DR data center access.
    to developer, test and production area for all the
    applications in scope;
    to modify backup jobs; and
    I.
    BASIS Administrator
    to approve program changes, move change from
    development/test environment to production
    environment

    Jindal Shadeed Iron and Steel Co LLC


    Preliminary list of Requirements
    IT Audit 2015
    SAP SPOC & SAP head
    22- Run the Database and Operating Systems scripts (We will be
    sending it separately)
    Change Management
    23- Change Management policies and procedures (please ignore
    if included in IT policies and procedures manual requested in
    point 2)
    The process is in such a way that there are Change
    Request form by which with proper approval the
    changes made done in Production server.

    To be provided
    by BASIS team

    24- Software version / configuration / patch management policies


    and procedures. (please ignore if included in IT policies and
    procedures manual requested in point 2)
    There is separate excel sheet has been provided.

    To be provided
    by BASIS team

    25- List of all changes applied to the applications in scope (for


    the period of 01 Jan till date) and the description of the
    change for the year 2014 The list should contain the change
    reference no#, change initiation date, change description,
    change approval date, implementation date, initiator,
    authorizer, tester and approver details
    Separate TR list has been submitted in excel with this
    document.

    To be provided
    by BASIS team

    Other IT General Controls (ITGCs)


    26- Incident management/helpdesk policy and procedure
    document (please ignore if included in IT policies and
    procedures manual requested in point 2)
    All the production activities is being track through help
    desk, for SAP we are using SAP solution manager .There
    is tracking and logs for all the production activity. There

    To be provided
    by BASIS team

    27- Please provide us reports such as incident


    management/helpdesk logs/ Incident and Problem
    Management monitoring reports (for the period of01 Jan till
    date).
    Sending some formats of incident management.

    To be provided
    by BASIS team

    28- Backup policy and procedure document (please ignore if


    included in IT policies and procedures manual requested in
    point 2).
    Shall be provided by tomorrow.

    To be provided
    by BASIS team

    29- Backup schedule :


    There is daily production backup is being schedule on
    incremental backup one time & 2 times daily backup of
    transactional log(redo log files).

    To be provided
    by BASIS team

    30- Back restoration testing performed during the year


    This is being done on quarterly basis 4 times in a year.

    To be provided
    by BASIS team

    31- Evidence of Backup storage (onsite and offsite), Labeling and


    movement procedures / registers / forms
    Attaching the screen shots for the proof.

    To be provided
    by BASIS team

    Jindal Shadeed Iron and Steel Co LLC


    Preliminary list of Requirements
    IT Audit 2015
    32- Back-up and recovery test schedules (restoration tests) and
    results :
    Not in practice.

    To be provided
    by BASIS team

    33- Business Continuity Plan/Disaster Recovery plan document


    for review:
    No documentation available.

    To be provided
    by BASIS team

    34- Business Continuity Plan/Disaster Recovery test schedules


    and results:
    We have tested the DR server more than one year back.

    To be provided
    by BASIS team

    Anda mungkin juga menyukai