Website Management by 2P2nbI

VIEWS: 0 PAGES: 7

									     Contributed 23 January 2002 by Laura Friend      laura.friend@hants.gov.uk

There are adequate physical and logical security controls to protect data and users.
SYSTEM CONTROL OBJECTIVES

ESTABLISHMENT OR SERVICE:                                                                  FILE REF:

SYSTEM:         WEB SITE MANAGEMENT                                                        Auditor:              /   /

                                                                                           Reviewer:             /   /

OVERALL SYSTEM OBJECTIVE: There are appropriate controls and procedures in place for the secure and controlled
                          use of web sites.




                 CONTROL OBJECTIVES                                                    COMMENTS

Is there reasonable assurance that:

1.     there is a strategy for the content and use of the web
       site.


2.     the web site meets the business objectives and is
       consistent with the marketing strategy.


3.     management and operational responsibilities for the
       web site are clearly defined.


4.     there are adequate controls to ensure that changes
       made to the web site are approved and installed in a
       controlled manner.

5.     there are adequate physical and logical security
       controls to protect data and users.


6.     adequate back-up and disaster recovery
       arrangements exist.




SYSTEM CONCLUSION:




     SBA                                           Page 1 of 7                                 03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                       FILE REF:

SYSTEM:         WEB SITE MANAGEMENT                                                             Auditor:               /   /

                                                                                                Reviewer:              /   /
SYSTEM CONTROL OBJECTIVE:               1.   there is a strategy for the content and use of the web site.

                     KEY CONTROLS                                           ACTUAL CONTROLS                      W.P REF.

A. There are defined business objectives and requirements
   for the web site.



B. Responsibility for the web site is clearly defined.




C. There is a policy for approving links to web sites not
   hosted by the organisation.



D. There are effective controls and guidance to ensure that
   web sites hosted for organisations are approved and
   conform to agreed standards.




CONTROL EVALUATION/ WEAKNESSES TO REPORT:




    SBA                                          Page 2 of 7                                         03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                    FILE REF:

SYSTEM:        WEB SITE MANAGEMENT                                                           Auditor:                /   /

                                                                                             Reviewer:               /   /
SYSTEM CONTROL OBJECTIVE:              2.   the web site meets the business objectives and is consistent with the marketing
                                            strategy.

                    KEY CONTROLS                                          ACTUAL CONTROLS                        W.P REF.

A. The web site and content meet the corporate
   objectives.



B. Measures are taken to actively promote the site through
   Internet Search Engine services and by other
   advertising.


C. There is a process to receive user feedback and
   complaints and they are used to improve the content
   and function of the web site.


D. There is an adequate budget for the operation and
   maintenance of the web site to enable the quality and
   content to be maintained.




CONTROL EVALUATION/ WEAKNESSES TO REPORT:




    SBA                                          Page 3 of 7                                      03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                      FILE REF:

SYSTEM:        WEB SITE MANAGEMENT                                                             Auditor:               /   /

                                                                                               Reviewer:              /   /
SYSTEM CONTROL OBJECTIVE:                 3.   management and operational responsibilities for the web site are clearly
                                               defined.

                    KEY CONTROLS                                            ACTUAL CONTROLS                       W.P REF.

A. Management responsibilities for both the web site and
   administrative functions are clearly defined.



B. Staff have current job descriptions.




C. Staff are given suitable training and guidance to do
   their job.



D. There are documented policies and procedures for web
   site management to ensure consistent content and
   layout.




CONTROL EVALUATION/ WEAKNESSES TO REPORT:




    SBA                                            Page 4 of 7                                      03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                    FILE REF:

SYSTEM:         WEB SITE MANAGEMENT                                                          Auditor:               /      /

                                                                                             Reviewer:              /      /
SYSTEM CONTROL OBJECTIVE:               4.   there are adequate controls to ensure that changes made to the web site are
                                             approved and installed in a controlled manner.

                     KEY CONTROLS                                         ACTUAL CONTROLS                       W.P REF.

A. Checks are made to ensure that broken links or pages
   that cannot be referenced are identified.



B. Changes to site content are approved.




C. There is a process for changing and testing site content.




D. Update authority for the web site is controlled.




CONTROL EVALUATION/ WEAKNESSES TO REPORT:




    SBA                                          Page 5 of 7                                      03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                      FILE REF:

SYSTEM:         WEB SITE MANAGEMENT                                                            Auditor:               /   /

                                                                                               Reviewer:              /   /
SYSTEM CONTROL OBJECTIVE:                5.   there are adequate physical and logical security controls to protect data and
                                              users.

                     KEY CONTROLS                                          ACTUAL CONTROLS                        W.P REF.

A. There is adequate protection against unauthorised
   hacking of content or denial of service attacks.



B. There is a Service Level Agreement for any third party
   Internet Service Provider used which includes
   arrangements for security and integrity.


C. The firewall is adequately configured to restrict the
   types of service that can be initiated both internally and
   externally.


D. Virus protection software is installed and is kept up to
   date.



E. Event logs are reviewed on a regular basis and
   irregularities are investigated and followed up.



F.   There are adequate controls in place to detect
     unauthorised access.



CONTROL EVALUATION/ WEAKNESSES TO REPORT:




     SBA                                          Page 6 of 7                                       03 October 2012
KEY CONTROL EVALUATION

ESTABLISHMENT OR SERVICE:                                                                  FILE REF:

SYSTEM:        WEB SITE MANAGEMENT                                                         Auditor:              /   /

                                                                                           Reviewer:             /   /
SYSTEM CONTROL OBJECTIVE:              6.   adequate back-up and disaster recovery arrangements exist.

                    KEY CONTROLS                                        ACTUAL CONTROLS                    W.P REF.

A. There are adequate backup arrangements for the web
   site.



B. There is adequate physical protection for the web site
   server and associated equipment.




CONTROL EVALUATION/ WEAKNESSES TO REPORT:




    SBA                                         Page 7 of 7                                    03 October 2012

								
To top