A PBX Audit Checklist

This list was compiled from a brave posting made on the CISSA's mailing list and then augmented with principles from Protection and Security on the Information Superhighway .

Part 1 - Protection Management

Check all that apply:


There is a particular person or group responsible for maintaining and operating the equipment.
Maintenance agreements are the most cost effective agreements available for the level of service required.
Top management is briefed at least once per year on PBX protection issues, detected fraud levels, current PBX protection, and similar issues as related to comperable industries.
Line managers are aware of their PBX usage and usage patterns and know about their responsibilities with respect to PBX protection and telephone charges.
PBX protection is a line item within Information Security or Telecommunications in the budget and is adequate to cover all costs of PBX protection.
With maximum value of