29 Examples of IT Controls
John Spacey, updated on May 25, 2023
IT controls are procedures, policies and activities that are conducted to meet IT objectives, manage risks, comply with regulations and conform to standards. Controls can be automated or human activities or some combination of the two. They can be driven by requirements, processes, calendars or events. Controls can be high level management practices or low level and specific. The following are a few illustrative examples of IT controls.
Audit Log: A system logs the IP of all user requests together with a timestamp and other relevant data.
Training: Compliance training for all new IT staff within six months of hire with refresher courses every 3 years.
Source Control: All source control repositories are backed up on a nightly basis and retained.
Source Control (2): Developers check in code on a daily basis.
Change Management: Requests to make changes to systems are entered into a change request system.
Change Management (2): An expedited change request process is available for emergency changes that requires approval of senior managers.
Segregation of Duties: A person involved in writing code can't be the one to sign off on software quality assurance.
Capacity Management: A web server sends out warnings when its disk is near capacity.
Application Health: An application health check is conducted each year to identify risks related to legacy applications such as inability to scale to business volumes.
Physical Security: Employees maintain a clean desk and lock computing devices when unattended.
Physical Security (2): Employees are trained to report suspicious activities as a matter of precaution.
Information Security: A tool is deployed to automatically filter suspicious emails.
Information Security (2): Employees immediately call the service desk for support if they sense that any email or other communication such as a voice mail is remotely suspicious.
Information Security (3): Changing a firewall rule requires a change request that is approved by network security teams.
Incident Management: Error logs of major applications are monitored for severe errors. An incident ticket is automatically created when such errors occur.
Incident Management (2): Application owners maintain a list of errors that require an incident ticket.
Problem Management: A root cause analysis is performed for all significant incidents and problem tickets are created as required.
Knowledge Management: All documents are checked into a knowledge management repository. Sending documents as attachments or creating shared file areas is disallowed.
Knowledge Management (2): A version history is maintained for all documents.
Recruiting: As a policy, IT managers have a representative from HR and two other IT managers interview candidates before hiring. Each interviewer can veto the selection with a process whereby they defend the veto.
Recruiting (2): Managers who hire a friend, former colleague or relative disclose the relationship to HR.
Input Validation: An equity trading application validates input and stops trades where it looks like a limit price is too far from the current market price.
Access Control: Employees log on to a system using two-factor authentication.
Antivirus Software: Antivirus software is deployed on computing devices.
Risk Management: Projects identify and manage risks on an ongoing basis from project initiation.
Lessons Learned: Projects perform a lessons learned activity at close.
Application Owners: Each significant application, service and platform has a named owner.
Compliance: Any employee can submit a concern to IT Governance by a clearly defined process that protects them from reprisal.
Communications: A policy prevents unapproved communications tools from being used to transmit business-related information.