Skip to Content

9-4 Information Technology Professionals Policy - Section XV: Compliance Policy

Information Systems Department

XV. Compliance Policy

This Policy establishes the requirements for Policy compliance activities relevant to information security.

  1. Security Process Review
    Local Information Service Providers must regularly review security processes to ensure compliance with relevant security policies and standards.
  2. Technical Compliance
    Local Information Service Providers must regularly check information systems for compliance with security policies and standards, including but not limited to penetration tests and vulnerability assessments.
  3. Independent Compliance Reviews
    Independent reviews of information security should be regularly conducted.
    1. Information Systems Audit Controls
      1. Audit controls must be used in such a way to minimize risk of disruption to the production environment.
      2. Access to audit tools must be limited to prevent misuse or compromise.

    Back to top