template

Download free Information Security Classification and SOX Sensitive Information Standards Policy. This Policy classify the Information Security Sensitive Information as 4 level:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Basic review of data flow diagrams
- Has a system boundary been included in the diagram?
- Are all data sources and recipients external to the boundary?
- Does each process name start with a strong verb, and include a noun that the verb acts upon?
- Has the location part of the process symbol been specified in physical system diagrams, and left blank in logical system diagrams?
- Does each process have input and output data flows?
- Is there an input and output to every data store (if data stores are duplicated then this may occur at different places in the DFD set)?
- Data stores should only be connected to processes (by data flows)?
- Have the data store reference letters been correctly defined, i.e.

Download Free Due Diligence Checklist Templates

A- Identification of the Company
1. Corporate name
2. Address
3. Mailing address
4. Main telephone number
5. Main telecopier number
6. Main e-mail address
7. Other (specify):

B- Identification of the Authorized Representative
8. Salutation (Mr., Ms.)
9. Representative's first name
10. Initial(s)
11. Representative's family name
12. Position held
13. Telephone number (direct line)
14. Telephone number (general)
15. Mobile telephone number
16. Pager number
17. Telecopier number
18. E-mail address (office)
19. Telephone number (residence)
20. E-mail address (residence)
21. Other (specify):

Download Free IT Risk Analysis Templates

Risk 1: Data corruption through loss or alteration of data without the application’s knowledge and consent
Source:
1. Faulty hardware (bit loss or incorrect ordering)
2. Software bugs (unexpected conditions reached and responded to incorrectly)
3. User or IT administrator error (accidental file deletion)

Risk 2: Downtime and/or data corruption through application errors

Download Free SAS 70 (Statement on Auditing Standards no 70) Service Auditor’s Opinion Templates


To XYZ Service Organization:
We have examined the accompanying description of controls related to the ABC application of XYZ Service Organization. Our examination included procedures to obtain reasonable assurance about whether
(1) The accompanying description presents fairly, in all material respects, the aspects of XYZ Service Organization’s controls that may be relevant to a user organization’s internal control as it relates to an audit of financial statements,

(2) The controls included in the description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily, and

(3) Such controls had been placed in operation as of .