29 Examples of IT Controls
John Spacey, updated on
IT controls are procedures, policies and activities that are conducted to meet IT objectives, manage risks, comply with regulations and conform to standards. Controls can be automated or human activities or some combination of the two. They can be driven by requirements, processes, calendars or events. Controls can be high-level management practices or low-level and specific. The following are a few illustrative examples of IT controls.
Audit Log: A system logs the IP of all user requests together with a timestamp and other relevant data.
Training: Compliance training for all new IT staff within six months of hire with refresher courses every 3 years.
Source Control: All source control repositories are backed up on a nightly basis and retained.
Source Control (2): Developers check in code on a daily basis.
Change Management: Requests to make changes to systems are entered into a change request system.
Change Management (2): An expedited change request process is available for emergency changes that requires approval of senior managers.
Segregation of Duties: A person involved in writing code can't be the one to sign off on software quality assurance.
Capacity Management: A web server sends out warnings when its disk is near capacity.
Application Health: An application health check is conducted each year to identify risks related to legacy applications such as inability to scale to business volumes.
Physical Security: Employees maintain a clean desk and lock computing devices when unattended.
Physical Security (2): Employees are trained to report suspicious activities as a matter of precaution.
Information Security: A tool is deployed to automatically filter suspicious emails.
Information Security (2): Employees immediately call the service desk for support if they sense that any email or other communication such as a voice mail is remotely suspicious.
Information Security (3): Changing a firewall rule requires a change request that is approved by network security teams.
Incident Management: Error logs of major applications are monitored for severe errors. An incident ticket is automatically created when such errors occur.
Incident Management (2): Application owners maintain a list of errors that require an incident ticket.
Problem Management: A root cause analysis is performed for all significant incidents and problem tickets are created as required.
Knowledge Management: All documents are checked into a knowledge management repository. Sending documents as attachments or creating shared file areas is disallowed.
Knowledge Management (2): A version history is maintained for all documents.
Recruiting: As a policy, IT managers have a representative from HR and two other IT managers interview candidates before hiring. Each interviewer can veto the selection with a process whereby they defend the veto.
Recruiting (2): Managers who hire a friend, former colleague or relative disclose the relationship to HR.
Input Validation: An equity trading application validates input and stops trades where it looks like a limit price is too far from the current market price.
Access Control: Employees log on to a system using two-factor authentication.
Antivirus Software: Antivirus software is deployed on computing devices.
Risk Management: Projects identify and manage risks on an ongoing basis from project initiation.
Lessons Learned: Projects perform a lessons learned activity at close.
Application Owners: Each significant application, service and platform has a named owner.
Compliance: Any employee can submit a concern to IT Governance by a clearly defined process that protects them from reprisal.
Communications: A policy prevents unapproved communications tools from being used to transmit business-related information.
© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.