Title Page
-
Site conducted
-
Record No. (Year/Audit No.)
-
Process map No. and Title
-
Conducted on
-
Auditee
-
Department
-
Audit Location
-
Auditor
-
Job/Document/Individual Audited following the process map
Change Control
-
What change/new installation to our systems are you reviewing?
-
Has a business case been proposed - set out?
-
This could be in an email, a formal document or outlined in a company objective - which is then discussed in a meeting
-
Is IT Support assistance required?
-
Has the original business case been approved by a Director and the Procurement Manager
-
This can be a verbal agreement to proceed on the back of a meeting. Written proof would be ideal.
-
Has an external consultant been approached and engaged with?
-
They may not be required but in this case the consultant would be our IT team.
-
Has a risk assessment been completed?
-
This could be a company risk assessment, on the ISO documentation or a standalone document
-
Was this software stand alone and brand new or an upgrade to current software?
-
If new software, and is standalone to any current system, the fallback would be delete the installation and remove all access to that section of the server.
-
If the current system is being upgraded was a fall back system put in place?
-
If a there could be a large business impact has the Emergency Management Group from the company Business continuity plan been notified?
-
Has the software got a new version number?
-
Was external access to our server granted by our IT Support Provider?
-
Was the details of this access added to Information Asset log ADM059?
-
Was a timeframe allocated to this access?
-
Was an internal testing team created and asked to participate?
-
A group of internal HB projects employees to test the system and give feedback
-
Was approval from the relevant departments given before the release of the software?
-
Your looking to see if the departments who would be relevant to this project were fully involved
-
Was written communication issued to those affected when ready to launch?
-
This evidence should be saved in LINK
-
Guidance given on how to use the system and support provided?
-
Feedback received and reacted upon where relevant?
-
Auditor
-
Auditee