Data Processing ICQ

Last Modified Sunday, 20-Oct-1996 22:45:23 PDT

    Operating Environment

  1. Is the departmental accounting system a microcomputer based system?
  2. Does the department have IBM PCs, compatibles or clones?
  3. Does the department have Macintosh or Apple computers?
  4. How many microcomputers does the department have?
  5. Does the department have a LAN? If yes, what type?
  6. Are the department's microcomputers or LAN connected to any other systems via modem or other communication devices?
  7. What software does the department use for:
  8. Are there any applications which have been developed by departmental personnel?
  9. What systems are internally developed?

    Purchased Software

  10. Are original copies of software in a safe or otherwise protected?
  11. Does the department comply with software vendors’ agreements regarding the number of computers where the software may be used?
  12. Has the department registered its commercial software?
  13. Is the software registered in the department’s rather than an individual’s name?
  14. For department administrative computers, is shareware from electronic bulletin boards or computer user groups used?

    Purchased and Internally Developed Software

  15. Are computer users aware of how computer viruses can be distributed?
  16. Does the department have a policy on the installation of personal software on department computers?
  17. Is the master copy of the application secured for future use if the working copies are written over?
  18. Does basic documentation (program logic, database structure, macros, required input, and expected output) exist for the application?
  19. If the application needs to be modified, can departmental personnel make the required changes?
  20. Do at least two individuals know how to use each application?
  21. Is there a single "key" person whose departure from the department could jeopardize the continuing use of the application?
  22. Is there written documentation for departmental spreadsheets?
  23. Would accidental or intentional changes to the application program code be detected?
  24. Do internally developed programs have audit and security provisions, program specifications, program code documentation and a user’s manual?

    Backup, Recovery and Contingency Planning

  25. Are backup computer files created at appropriate time intervals so that damaged or lost files can be easily reconstructed?
  26. Are at least 3 generations (grandparent, parent, and child) of backup computer files created and stored in a secure location?
  27. Are system files and templates backed up periodically as well as data files?
  28. Are the backup files secured from accidental or purposeful damage and/or unauthorized examination?
  29. If the department has a "key" computer and/or computer system, have contingency plans been made for emergency situations including hard disk “crashes” and central processing unit (CPU) failures?
  30. Has a supply of forms and system documentation been stored at an alternate location in case of natural disaster?

    Sensitive Data/Confidential Files

  31. Are floppy disks containing confidential files kept in a locked cabinet?
  32. If confidential files (personnel records, confidential correspondence, student records, etc.) are maintained on a hard disk, is access to the computer restricted:
  33. If confidential files are maintained on a network server:
  34. Have password management guidelines been disseminated to employees?

    Hardware

  35. Have Equipment Modification forms been obtained for all departmental computers used off-campus?
  36. Are add-in boards to computers cataloged?
  37. Are computers adequately secured from theft?
  38. Are administrative offices, faculty offices, and research and teaching laboratories locked during lunch hours or when unattended?
  39. Are computers protected with power filters or surge protectors?


For comments or problems, please e-mail
Slemo Warigon lonestar@rain.org
or call (805) 893-3817.
Copyright © 1996 The WariNet Haven