Académique Documents
Professionnel Documents
Culture Documents
IT ENVIRONMENT DOCUMENT
Purpose of Document
This is a PLANNING document that is intended to provide a high level overview of the general IT environment. It is important to note that the work documented is NOT sufficient, by itself, to
conclude that IT controls are operating effectively.
Template 1.3
1 of 9
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.1
0
1.11
1.1
2
Documentation
Application Name:
Template 1.3
2 of 9
Template 1.3
Documentation
3 of 9
2.2
2.3
Documentation
Template 1.3
4 of 9
3. Business Continuity
Client Contact(s):
#
Points of Focus
3.1 Has the organization addressed business continuity
planning and disaster recovery planning issues?
3.2 Has management put in place a system to test these
plans on a periodic basis? When was it last tested?
3.3 Does management have a formal process regarding the
backup of financial information (i.e. backup frequency,
backup testing, retention period and storage location)?
Template 1.3
Documentation
5 of 9
4. Information Security
Client Contact(s):
#
Points of Focus
4.1
How does management ensure that Access to the IT
environment (e.g., database, network, operating
system, hardware or applications) are managed
appropriately?
4.2
Does the organization have a security policy?
4.3
Who is responsible for administering the security policy?
4.4
How is the policy communicated to employees and
contractors and enforced?
4.5
How does management ensure that users receive
appropriate education and training on information
security?
4.6
When was the most recent Threat and Risk Assessment
(TRA) done?
Template 1.3
Documentation
6 of 9
Template 1.3
Documentation
7 of 9
Template 1.3
Documentation
8 of 9
7. Network Support
Client Contact(s):
#
Points of Focus
7.1 Does the organization have a network diagram? When
was it last updated?
7.2 What process is in place to maintain the network
diagram (e.g., owner, frequency?)
Template 1.3
Documentation
9 of 9