9-4 Information Technology Professionals Policy - Section XV: Compliance Policy
XV. Compliance Policy
This Policy establishes the requirements for Policy compliance activities relevant to information security.
- Security Process Review
Local Information Service Providers must regularly review security processes to ensure compliance with relevant security policies and standards.
- Technical Compliance
Local Information Service Providers must regularly check information systems for compliance with security policies and standards. Such checks include, but are not limited to, penetration tests and vulnerability assessments.
- Independent Compliance Reviews
Independent reviews of information security should be regularly conducted.
- Information Systems Audit Controls
  - Audit controls must be used in such a way as to minimize the risk of disruption to the production environment.
  - Access to audit tools must be limited to prevent misuse or compromise.