Obtain a list of the files that are sent outside the organization, indicating the type of medium, the method of delivery, the entity that makes the shipment and the recipient.

• Make sure that all media included in this list are also found in the media inventory in point

Obtain a copy of the Media Input and Output Register and make sure that it includes:

• The media included in the list in point 5.8 (and vice versa)

• Movements of media to external storage (if any)

Verify that the Entry and Exit Register reflects the information required by the Regulation:

• Media type

• Date and time

• Source/Receiver

• Number of media

• Type of information contained in the medium

• Means of transport

• Person responsible for receipt/delivery

Analyze the procedures for updating the Entry and Exit Register in relation to the movement of media.

Analyze the controls to detect the existence of media received/sent that are not recorded in the Entry and Exit Register.

Check, if the Media Inventory and the Entry/Exit Register are computerized, that backup copies of them are made at least once a week.

Compare the list of media sent outside the organization in point 5.8 with the list of High-level files obtained in Section 2.

• Confirm that all media containing files with High-level data are encrypted

The auditor should first determine the organization's policy regarding testing with real data, and then analyze, in light of that policy, the rules and procedures defined and verify their compliance.

Determine whether the organization's policy allows testing with real data.

If testing with real data is allowed:

Verify that the same controls and rules that apply to the production files also apply to the test environment files.

Analyze the procedures for the test environment in relation to:

• User identification and authentication

• Access control

• Password policies and maximum number of connection attempts

• Media Inventory

• Media input/output register

• Backups

• Files on media sent outside the premises and encrypted transmissions (if High-level files)

• Event log

• Access log

If testing with real data is not allowed:

Verify the adequacy and operability of the process of "masking" the identity of individuals.

Analyze the access rights of the people who perform application development/maintenance tasks on production files and databases.

Verify, through sampling, that the test files and databases do not contain real data of identified or identifiable persons.


Analyze the procedures for making backup copies.

Verify that the procedures ensure that a copy is made of all files with personal data at least once a week.
