A PBX Audit Checklist

This list was compiled from a brave posting made on the CISSA's mailing list and then augmented with principles from Protection and Security on the Information Superhighway .

Part K - Legal Considerations

Check all that apply:

Members of legal staff are expert in areas of the law related to information technology.
Legal expertise includes in-depth background in:

Constitutional law (1st, 4th, 5th ammendments and others).
Laws affecting Federal Interest Computers.
Laws affecting employee monitoring.
State computer crime laws.
State Telecommunications Laws.
Federal communication laws.
FTC rulings, procedures, etc.
FCC rulings, procedures, etc.
Jurisdictional authorities for criminal acts.
Communications Act of 1934.
Privacy Act of 1974.
Foreign Intelligence Surveillance Act of 1978.
Electronic Communications Privacy Act of 1986.
Computer Security Act of 1987.
Communications Assitance for Law Enforcement Act of 1994.
Violent Crime control and Law Enforcement Act of 1994.
Applicable executive orders and federal regulations.
Regulatory agencies and their regulations.
Arms Export Control Act of 1968.
International Traffic in Arms Regulation (ITAR).
Executive Order 12333
Executive Order 12472

Employee agreements are checked for legal and liability requirements.
All agreements with vendors have been checked to conform with all corporate legal and liability requirements.
All maintenance agreements are signed and up-to-date.
Corporate policy, standards, procedures, and documentation has been checked by the legal department for issues that might result in liability and for enforcability.
Incident response plans have been checked by the legal department to assure that legal requirements are fulfilled in incident reponse for corporate liability limitation and for the ability to prosecute.
Legal requirements for insurance have been verified.
With maximum value of