Information Technology Standard 09.3.0

IT Audit Standard


Date of Current Revision or Creation:ÌýNovember 1, 2021


The purpose of an Information Technology Standard is to specify requirements for compliance with Â鶹´«Ã½ Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

Purpose

The purpose of this standard is to define the information technology security audit requirements used by Â鶹´«Ã½.

Definitions

None

Standards Statement

Information security audit requirements define the steps necessary to assess whether information security controls implemented to mitigate risks are adequate and effective.

The University requires a risk-based audit program for the evaluation of IT systems conducted based on University Policy 3002 - Authority of the Internal Audit Department

The University has assigned an individual to be responsible for managing information security audits as the University Auditor.

Procedures, Guidelines & Other Related Information

History

Date

Responsible Party

Action

October 2009

ITAC/CIO

Reaffirmed

October 2010

ITAC/CIO

Reaffirmed

October 2011

ITAC/CIO

Reaffirmed

October 2012

ITAC/CIO

Reaffirmed

December 2012

ITAC/CIO

Numbering revision

Revision of audit basis

August 2015 IT Policy Office/ISO Three year review; updated link.
August 2018 IT Policy Office Link checked (definitions N/A)
November 2021 IT Policy Office/ISO Three year review; wording and link checked.
Ìý