The organization will ensure critical data files identified as a part of the asset audit plan. [UCF ID 01260]
Supporting and supported controls
This control directly supports:
• Maintain asset discovery audit trails [UCF Common Control ID 00689]
This control has the following supporting controls:
There are no supporting controls.
Authority documents complied with:
Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 Sched 1 Para 112, Sched 4 Para 6, Sched 11A Para 2; FFIEC IT Examination Handbook – Business Continuity Planning Pg G-7; FFIEC IT Examination Handbook – Operations Pg 29, Exam Tier I Obj 6.3; The Standard of Good Practice for Information Security UE3.1.1, UE3.1.2, UE3.1.3, UE3.1.4; Security Self-Assessment Guide, NIST SP 800-26 Q 9.1.1
Banking and Finance Guidance
The FFIEC IT Examination Handbook – Business Continuity Planning Pg G-7 states that the organization should maintain comprehensive inventories of all assets.
Asia and Pacific Rim Guidance
Sched 1 Para 112, Sched 4 Para 6, Sched 11A Para 2 of Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 states that a list of all registered audit companies must be kept by the auditing commission and must include the name and address of the company, the name and address of each director of the company, any restrictions on the company, and details of any suspensions the company has or has had. The organization is required to keep a register containing the name of each shareholder and note when the information was entered into the register. The organization is required to keep a register of information about persons' relevant interests.
Metrics
The metrics associated with this control are as follows:
• Report on the percentage of scheduled asset inventories that occurred on time [UCF Common Control ID 02055]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.