The objective of this review is to provide management with an independent view that the systems operations are not subject to unacceptable or unmanaged computer risks. Where appropriate, risks are identified and appropriate recommendations are raised. Data security review looks at the following aspects.
- ICT environment and organizational structure.
- Adequacy of application software access controls.
- Effectiveness of data access controls for both staff and customers.
- Completeness and accuracy of data files.
- Effectiveness of operational controls,
- Segregation of duties within ICT infrastructure and data access authorization levels.