Back

Establish, implement, and maintain source document authorization tracking.


CONTROL ID
01262
CONTROL TYPE
Records Management
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain records management procedures., CC ID: 11619

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • There should be suitable interface controls in place. Data transfer from one process to another or from one application to another, particularly for critical systems, should not have any manual intervention in order to prevent any unauthorized modification. The process needs to be automated and prop… (Critical components of information security 11) c.27., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • CSR 7.1.1: The organization must pre-number source documents to maintain control over them and key source documents require authorizing signatures. CSR 7.1.2: The organization must keep a batch control sheet for groups of source documents that includes the date, a control number, the number of docum… (CSR 7.1.1, CSR 7.1.2, CSR 7.6.2, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Proper control of all source documents (e.g., checks for deposit) maintained throughout the daily processing cycle relative to: (App A Tier 2 Objectives and Procedures G.1 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • The organization should maintain a record of all payment orders, both incoming and outgoing. (Pg 19, FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004)
  • The organization shall have procedures and controls in place for carrying out authority checks to ensure that only authorized individuals are able to use the system, access the input or output devices for the operation or computer system, electronically sign a record, perform operations, or alter a … (ยง 11.10(g), 21 CFR Part 11, Electronic Records; Electronic Signatures)