Access Rights and SAS70 audit
Posted by: sas70expert
Access rights for current employees are essential for the completion of a successful audit. Your company should have a hiring and firing policy that is followed to the letter of the law. When an employee is hired or fired, there should be an authorization process to add them to or remove them from company systems or applications. It is essential that you educate your current employees, contractors, and third-party users on this process on a continual basis.
Your company should consider not only operating systems or applications, but also physical access to company assets. Shared passwords or usernames should be immediately deactivated once an employee or third party leaves. When developing a policy for hiring or terminating, consider:
1. whether the termination or change of employment will be initiated by you or a third party
2. the current responsibilities of the employee
3. the value of the company assets or data that the employee has access to.
Without a good termination policy or checklist, you will have exceptions within your SAS 70 audit.


