A PBX Audit Checklist

This list was compiled from a brave posting made on the CISSA's mailing list and then augmented with principles from Protection and Security on the Information Superhighway .

Part B - Protection Policy

Check all that apply:



There is a written policy on phone and PBX use.
The PBX policy is agreed to and signed by all employees and others with access to the facilities.
The PBX policy includes information on disputes, how they are settled, and the appeals process, and has been approved by the legal team for use.
The PBX policy explicitly includes the requirements for integrity, availability, and confidentiality protection in the PBX, and directly addresses liability.
The PBX policy includes specific guidelines on acceptable and unacceptable use of telecommunications within the organization, and specifies how uses explicitly not covered by the policy are dealt with.
The PBX policy identifies the person(s) or position(s) responsible for telephone usage.
With maximum value of