9-4 Information Technology Professionals Policy - Section XV: Compliance Policy
What’s on this Page
Section XV: Compliance Policy
XV. Compliance Policy
This Policy establishes the requirements for Policy compliance activities relevant to information security.
- Security Process Review
Local Information Service Providers must regularly review security processes to ensure compliance with relevant security policies and standards.
- Technical Compliance
Local Information Service Providers must regularly check information systems for compliance with security policies and standards, including but not limited to penetration tests and vulnerability assessments.
- Independent Compliance Reviews
Independent reviews of information security should be regularly conducted.
- Information Systems Audit Controls
- Audit controls must be used in such a way to minimize risk of disruption to the production environment.
- Access to audit tools must be limited to prevent misuse or compromise.