Checklists

Download free SAS 70 (Statement on Auditing Standards no 70) for Data Center Physical Security Checklist. This checklist could be used to assess whether your Data Center already have enough security level against threat. This checklist cover access control

Basically to build to good and easy to be accepted IT Security Masterplan, we should cover every IT area. Here is simple checklist to build a sound good IT Security Masterplan

IT Policies

• Education and awareness programs.
• Badge wearing.
• Clean desk policy.
• Visitor and contractor controls.
• Employee involvement and responsibilities.
• When and how to have armed off-duty police officers onsite.

IT Investigations

• Use of hidden cameras along with determining who should be involved in the decision to use them.
• Use of a polygraph for interrogations.
• Whether or not to prosecute employees or others when a crime has been committed (even a minor crime).

Technology

• What technologies might be utilized in the future and when, where, and why

Two rules were published in the Federal Register by the Department of Health and Human Services after HIPAA was passed. The HIPAA Privacy Rule was published in December 2000, and the HIPAA Security Rule was published in February 2003.

The HIPAA Privacy Rule is focused mostly on administrative controls designed to protect patient privacy, such as securing or masking medical charts, locking file cabinets, and establishing privacy policies. The HIPAA Privacy Rule was enforced beginning April 2003.

1. Ascertain which REACH requirements will affect your products, customers, and suppliers

2. Implement structures to guarantee executive responsibility and accountability

3. Create a fund to handle your compliance response

4. Decide which products you intend to pre-register well before the June 2008 deadline

5. Define your research and development efforts to accord with REACH so that you can transition to alternate substances should any products be threatened by blacklisting

General background information on the company
An organizational chart for the management of the facility
A copy of the post orders
A copy of the site security manual
Blueprints of the facilities to be reviewed
Copies of any security-related procedures or practices, including information protection
Copies of incident reports for the past two years
Copies of any incident summary or analysis data
Copies of any crime statistic data on hand
A copy of the contract guard contract, if applicable
A copy of any other security-related contracts, such as confidential destruction

Source: Timothy D Giles, IT Security Master Plan