A PBX Audit Checklist

This list was compiled from a brave posting made on the CISSA's mailing list and then augmented with principles from Protection and Security on the Information Superhighway .

Part I - Physical Protection

Check all that apply:

The PBX is located in a secured area.
All phones with administrative access are located in a secured area.
All wire closets are locked.
Wire closet access is controlled and monitored.
All conduits with phone lines are secured.
All of the people with physical access are trusted.
All vendor personnel are escourted at all times.
All maintenance personnel and craftspeople are escourted when in secured areas.
There is fire suppression equipment installed in all secure areas.
Fire suppression equipment is regularly tested
Backups are secured to the same extent as the systems they back up.
Cables entering and leaving the PBX or equipment room pass through firestop material.
Power circuits are clearly marked and in secured areas.
Periodic testing for listening devices is done by people with adequate expertise.
With maximum value of