General controls:
- Inventory Listing.
- HR Employee Listing.
- Access Group Listing.
- Access transaction Log.
A. Organization and Management:
- Organizational Chart.
- Vendor assessments.
B. Communications:
- Customer Contracts.
- System Descriptors.
- Policies and Technical specifications.
C. Risk Management and Design/Implementation of controls:
- IT Risk Assessment.
D. Monitoring of controls:
- Compliance Testing.
- Firewall monitoring.
- Intrusion Detection.
- Vulnerability management.
- Access Monitoring.
E. Logical and Physical Access controls:
- Employment Verification.
- Continuous Business Need.
F. System Operations:
- Incident Management.
- Security Incident Management.
- Customer Security Incident Management.
- Customer Security Incident Reporting.
G. Change Management:
- Change Management.
- Communication of changes.
H. Availability:
- Capacity Management.
- Business Continuity.
- Backup or equivalent.