IT Audit Standard
Date of Current Revision or Creation:ÌýNovember 1, 2021
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion 91¶ÌÊÓƵ Information Technology policies, other 91¶ÌÊÓƵ policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to define the information technology security audit requirements used by Old Dominion 91¶ÌÊÓƵ.
Definitions
None
Standards 91¶ÌÊÓƵment
Information security audit requirements define the steps necessary to assess whether information security controls implemented to mitigate risks are adequate and effective.
The 91¶ÌÊÓƵ requires a risk-based audit program for the evaluation of IT systems conducted based on 91¶ÌÊÓƵ Policy 3002 - Authority of the Internal Audit Department
The 91¶ÌÊÓƵ has assigned an individual to be responsible for managing information security audits as the 91¶ÌÊÓƵ Auditor.
Procedures, Guidelines & Other Related Information
History
|
Date |
Responsible Party |
Action |
|
October 2009 |
ITAC/CIO |
Reaffirmed |
|
October 2010 |
ITAC/CIO |
Reaffirmed |
|
October 2011 |
ITAC/CIO |
Reaffirmed |
|
October 2012 |
ITAC/CIO |
Reaffirmed |
|
December 2012 |
ITAC/CIO |
Numbering revision Revision of audit basis |
| August 2015 | IT Policy Office/ISO | Three year review; updated link. |
| August 2018 | IT Policy Office | Link checked (definitions N/A) |
| November 2021 | IT Policy Office/ISO | Three year review; wording and link checked. |