IT Audit Standard
Date of Current Revision or Creation:ÌýNovember 1, 2021
The purpose of an Information Technology Standard is to specify requirements for compliance with Â鶹´«Ã½ Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to define the information technology security audit requirements used by Â鶹´«Ã½.
Definitions
None
Standards Statement
Information security audit requirements define the steps necessary to assess whether information security controls implemented to mitigate risks are adequate and effective.
The University requires a risk-based audit program for the evaluation of IT systems conducted based on University Policy 3002 - Authority of the Internal Audit Department
The University has assigned an individual to be responsible for managing information security audits as the University Auditor.
Procedures, Guidelines & Other Related Information
History
Date |
Responsible Party |
Action |
October 2009 |
ITAC/CIO |
Reaffirmed |
October 2010 |
ITAC/CIO |
Reaffirmed |
October 2011 |
ITAC/CIO |
Reaffirmed |
October 2012 |
ITAC/CIO |
Reaffirmed |
December 2012 |
ITAC/CIO |
Numbering revision Revision of audit basis |
August 2015 | IT Policy Office/ISO | Three year review; updated link. |
August 2018 | IT Policy Office | Link checked (definitions N/A) |
November 2021 | IT Policy Office/ISO | Three year review; wording and link checked. |