9-4 Information Technology Professionals Policy - Section XV: Compliance Policy

Information Systems Department

What’s on this Page

Section XV: Compliance Policy

This Policy establishes the requirements for Policy compliance activities relevant to information security.

Security Process Review
Local Information Service Providers must regularly review security processes to ensure compliance with relevant security policies and standards.
Technical Compliance
Local Information Service Providers must regularly check information systems for compliance with security policies and standards, including but not limited to penetration tests and vulnerability assessments.
Independent Compliance Reviews
Independent reviews of information security should be regularly conducted.
Information Systems Audit Controls
1. Audit controls must be used in such a way to minimize risk of disruption to the production environment.
2. Access to audit tools must be limited to prevent misuse or compromise.