The purpose of this audit program is to review an organization’s system backup procedures.

This sample compliance work program can be modified for scope considerations that will depend on the extent of the softw...

The purpose of this work program is to determine whether the right security policies exist and determine if existing pol...

This document outlines steps to audit an organization’s data management process and includes a self-assessment questionn...

This document outlines risks and controls common to the "manage security and privacy" process in a risk control matrix (...

This document outlines steps to audit the process used to deploy software to desktop computers.

This issue of Board Perspectives: Risk Oversight articulates why it’s important to focus on protecting an organization’s...

This sample IT application management audit work program is designed around key risk indicators of potential problems.

In this issue of Board Perspectives: Risk Oversight, we present four considerations for managing cybersecurity risk.

The purpose of this policy is to define the roles, activities, and responsibilities of administrators with regard to acc...

The following sample policy outlines a set of policies and procedures governing user authentication and authorization an...

This sample outlines a set of policies and procedures designed to provide an orderly process in which changes to a compa...