TISAX: Information security
5.2.6: IT System Management

How to fill the requirement


Task name: Protection of data systems during audit-related testing
Theme: System management
Policy: Data system management
Other requirements: 2

This task also fulfils these other security requirements:

  • 8.34: Protection of information systems during audit testing (ISO27k1 Full)
  • 5.2.6: IT System Management (TISAX)

1. Task description

Reviews and other verification actions that target data systems, e.g. during audits, must be planned in advance and agreed with the appropriate testers and management. This aims to minimize the impact of these actions on operational processes.

When planning practices, the following points must be taken into account:

  • inspection requests are approved with the appropriate responsible person
  • the scope of technical tests is agreed in advance and their implementation is monitored
  • tests are restricted to read-only use as far as possible or are only implemented by experienced system administrators
  • fulfilment of security requirements is ensured in advance on devices that require access to systems
  • tests that may affect the availability of important systems are performed outside office hours
  • the actions taken during the inspections and the access rights granted for them are recorded in a log

Task name: Defining IT system auditing requirements
Theme: System management
Policy: Data system management
Other requirements: 1

This task also fulfils these other security requirements:

  • 5.2.6: IT System Management (TISAX)

1. Task description

The organisation must have defined requirements for conducting audits on IT systems or for a service conducting the audit. In addition, the following must be taken into account:

  • Definition of scope of system audit in a timely manner
  • The audits must be coordinated with the operators and users of the system
  • The audit results are stored in a traceable manner and reported to relevant management
  • The results must be analyzed to derive new measures