A PBX Audit Checklist

This list was compiled from a brave posting made on the CISSA's mailing list and then augmented with principles from Protection and Security on the Information Superhighway .

Part J - Personnel Issues

Check all that apply:

Personnel with administrative access are cleared to the level of all information passing through the PBX.
All personnel with access to the PBX or connected equipment have signed employee agreements including PBX-related material.
Personnel relays changes in employee status and location to PBX maintainers in a timely fashion.
Personnel changes are reflected in PBX configuration in a timely fashion.
Separation of duties is used to assure that no PBX administrator's work is unchecked by other employees.
Adequate grievence procedures are in place to assure that challenges related to disgruntled employees in positions of trust can be addressed.
Pre-employment screening covers factors likely to make for good PBX administrators and those records are used as part of the effort to identify appropriate administrators.
Employee performance assessment procedures include protection-related performance.
Adequate greivance procedures are in place for PBX-related complaints to be settled appropriately.
Montioring issues related to PBX and telephone use are known and agreed to by employees.
With maximum value of