Contingency Planning and Business Recovery Program IT Security Audits

Technology Standard

Contingency Planning and Business Recovery Program

IT Security Audits

Version: 1.0
Status: Approved: 02/21/07
Contact: Director, Technology Services and Director, Internal Audit

PURPOSE

The IT Security Audit standard outlines the steps necessary to assess whether IT security controls implemented to mitigate risks are adequate and effective.

SCOPE

The IT Security Audit Standard for Information Technology Systems covers all VCCS and college applications and systems classified as sensitive.

APPLICABILITY

The IT Security Audit Standard is applicable to the System Office and all Colleges.

STANDARD

The VCCS Vice Chancellors and College Presidents are responsible for appointing an individual to be responsible for managing IT Security Audits. This individual will serve as the primary point of contact for all IT audits and will work with the System Office Chief Information Security Officer and the Director of Internal Audit to ensure full compliance with COV ITRM Standard SEC502-00.

RELATED LINKS

Information Technology Audit Plan

Return to Information Security Program