OPERATIONAL SECURITY CHECKLIST

NOTE: THIS LIST CANNOT BE CONSIDERED A TOTALLY COMPREHENSIVE CHECKLIST. IT IS A GUIDE ONLY. FOR MATTERS OF HIGH SECURITY IMPORTANCE CONSIDER SEEKING ASSISTANCE FROM EXTERNAL SPECIALIST ORGANIZATIONS.

The Auditor can check for:

Physical security measures and operational processes to protect information, software, hardware and personnel from either accidental or intentional harm.

The use of information, software, and hardware is to be based on authorization from the service owner (in ITIL terms, this is the paying customer, not the end user). The owner specifies who can have access, under what circumstances, and the type of access.

The system of protection, authorization, and verification is to be tailored to the risks. Unless precluded by safety considerations, individual accountability for the use of such resources is to be ensured, and there is to be verification that these resources are used only by authorized individuals.

Building considerations
- Fire codes
- Security guards
- Electrical standards
- Number and location of employee access points
- Access method (swipe card, visual recognition)
- Building recording systems
- Testing “politeness”: will people hold the door open for you if you pretend you have forgotten your card, and will multiple people pass through a security door after it is swiped open by one person?

Personal computer and workstation considerations
- Access to offices where equipment is located
- Employee guidelines issued and published regarding password and user-ID security
- Automatic locking of screens after a set period of inactivity