SAS 70

Aug 6 2008   6:35PM GMT

Face up to Biometrics for your SAS70 audit (SAS 70)



Posted by: SAS70ExPERT
Tags:
Access
Access control
Auditing
CIO
Compliance
DataCenter
Identity & Access Management
SAS 70
Security
Security management
Security Program Management
Security tokens
Third-party services

Biometric systems are used today not only at your Data center/ co-location facility, but for plain ole’ laptop access. Finger, hand and thumb prints provide you access to all your critical data. In addition, iris/retinal scans and other facial recognition scans provide the credentials required to prevent forgery. What are you using within your Company?

 

For a SAS 70 audit, critical areas to review related to biometrics are:

1)       enrollment process for a new user

2)       accuracy and monitoring of the biometric device

3)       termination of users

 

During enrollment, an individual’s biometric template is created in a database. Make sure you have a documented process for adding and authorizing new users to the database. You must know who may authorize access, and how much access to give the new employee.  

 

Determine the accuracy and monitoring of biometric usage. Review who has used the biometric device, by reviewing the logs an identifying any unusual activity. For example, if you note that Bob has entered the facility 3 times and there is no exit  – then your device may not be working properly.

 

Last, if Adam quits or Alice is fired, then how do you know to delete her credentials from the system? Make sure Human Resources has a policy to notify you immediately when a person needs to be removed from the system. IT should have a checklist of items/inventory to be returned when employee exits and the form should include a sign-off to indicate removal from the biometric device. Sas70expert@gmail.com

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: