These formal procedures ensure access to financial and grants management systems is properly requested, approved, and removed.
What are access management procedures?
This individual oversees the organization’s information security and must be independent of daily IT operations.
What is an Information Security Manager?
This documented matrix identifies roles that should never be combined to prevent fraud or errors.
What is an incompatible roles matrix?
This documented plan ensures an organization can restore critical systems and data after an unexpected outage or disaster.
What is a Disaster Recovery Plan?
This review ensures user access to financial and grants systems remains appropriate over time.
What is review of system access permissions?
These written guidelines define acceptable usage and agency-wide security responsibilities for all employees.
What are security policies?
This type of access control ensures that only authorized personnel can enter facilities housing computer resources or any location linked to those facilities.
What is restricting physical access?
From configuration files to network diagrams, this control ensures critical documents don’t fall into the wrong hands.
What is securing sensitive systems documentation?
This process ensures terminated users no longer retain system or database access.
What are procedures for user termination?
This process identifies vulnerabilities and threats to financial and grant management systems and is required for FTA compliance.
What is an IT Risk Assessment?
This type of review is performed periodically by management to confirm segregation controls are effective.
What is a periodic management review?
This independent audit report on a service provider's internal controls comes as a Type I (control design at a point in time) or a Type II (operating effectiveness over a review period).
What is a SOC Report?
These periodic reviews help detect unauthorized or unusual activity in financial and grants systems, and their findings determine what follow-up is needed when something is found.
What is review of system audit logs?
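The audit log review above and the user termination procedure earlier on the page are the kind of controls a practitioner automates rather than reads by eye. The following is an added example, not material from the original page: a small Python reviewer that parses a constructed key=value audit log, flags activity by accounts on a constructed terminated-user list, privileged actions outside assumed business hours, and repeated failed logins, and counts malformed lines so gaps in logging are visible too. The log format, user names, action names, hours and thresholds are all assumptions to be replaced with those of the real system.

```python
"""Review of system audit logs for a financial/grants system.

Added illustration, not the page's own material. The log format, the
user names, the terminated-user list, the action names and the thresholds
are constructed assumptions; adapt the parser to the real system's export.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample audit log: one event per line, key=value fields.
SAMPLE_LOG = """\
2024-05-03T09:12:41Z user=alice action=LOGIN result=SUCCESS src=10.0.4.11
2024-05-03T09:15:02Z user=alice action=ENTER_PAYMENT result=SUCCESS src=10.0.4.11
2024-05-03T09:20:55Z user=bob action=APPROVE_PAYMENT result=SUCCESS src=10.0.4.12
2024-05-03T23:41:07Z user=bob action=APPROVE_PAYMENT result=SUCCESS src=10.0.4.12
2024-05-03T10:02:13Z user=frank action=LOGIN result=SUCCESS src=10.0.4.30
2024-05-03T10:03:48Z user=frank action=CHANGE_ROLE result=SUCCESS src=10.0.4.30
2024-05-03T11:30:01Z user=mallory action=LOGIN result=FAILURE src=198.51.100.7
2024-05-03T11:30:04Z user=mallory action=LOGIN result=FAILURE src=198.51.100.7
2024-05-03T11:30:09Z user=mallory action=LOGIN result=FAILURE src=198.51.100.7
2024-05-03T11:30:15Z user=mallory action=LOGIN result=FAILURE src=198.51.100.7
2024-05-03T11:30:20Z user=mallory action=LOGIN result=FAILURE src=198.51.100.7
"""

# Constructed HR feed: accounts that should already have been disabled.
TERMINATED_USERS = {"frank"}

# Assumed set of actions that move money or change access.
PRIVILEGED_ACTIONS = {"APPROVE_PAYMENT", "CHANGE_ROLE", "CREATE_USER", "EDIT_VENDOR"}
BUSINESS_HOURS = range(7, 19)       # assumption: 07:00-18:59 UTC
FAILED_LOGIN_THRESHOLD = 5          # assumption

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Parse audit lines into dicts. Malformed lines are skipped, not fatal,
    but counted so that a gap in logging is itself reported."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            malformed += 1
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    return events, malformed


def review_audit_log(text, terminated=TERMINATED_USERS):
    """Return a list of (finding_type, user, detail) tuples for follow-up."""
    events, malformed = parse_log(text)
    findings = []
    if malformed:
        findings.append(("MALFORMED_LINES", "-", str(malformed)))
    failures = Counter()
    for ev in events:
        when = f"{ev['action']} at {ev['ts'].isoformat()}"
        # Any activity by a terminated account means offboarding failed.
        if ev["user"] in terminated:
            findings.append(("TERMINATED_USER_ACTIVITY", ev["user"], when))
        # Approvals and access changes outside business hours get a second look.
        if ev["action"] in PRIVILEGED_ACTIONS and ev["ts"].hour not in BUSINESS_HOURS:
            findings.append(("AFTER_HOURS_PRIVILEGED", ev["user"], when))
        if ev["action"] == "LOGIN" and ev["result"] == "FAILURE":
            failures[(ev["user"], ev["src"])] += 1
    for (user, src), n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("REPEATED_LOGIN_FAILURE", user, f"{n} failures from {src}"))
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG):
        print(*finding)
```

Each finding names the control it relates to: a hit on a terminated account is a failure of the user termination procedure, not just a log anomaly, and should feed back into that procedure as well as into the incident handling for the event itself.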
These checks are mandatory for employees and contractors before granting access to critical systems.
What are background checks?
This principle ensures that no single individual controls every step of a critical financial process, such as entering and approving a payment, or requesting and granting system access.
What is segregation of duties?
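The incompatible roles matrix earlier on the page and the segregation of duties principle above are easiest to enforce as a check that runs over the system's role export, both periodically and at the moment an access request is approved. The following is an added example, not the page's own material: the roles, the matrix contents and the user-to-role assignments are constructed sample data, and the two functions are hypothetical names for the batch review and the pre-approval check.

```python
"""Segregation-of-duties check against an incompatible roles matrix.

Added illustration, not from the original page. Role names, the matrix
and the user-role assignments are constructed sample data.
"""
from itertools import combinations

# Constructed incompatible roles matrix: each pair must never be held by one
# person. Stored as frozensets so the order within a pair does not matter.
INCOMPATIBLE_ROLES = {
    frozenset({"vendor_maintenance", "payment_approval"}),
    frozenset({"payment_entry", "payment_approval"}),
    frozenset({"grant_drawdown", "grant_reconciliation"}),
    frozenset({"user_admin", "payment_approval"}),
}

# Constructed user-to-role assignments, as exported from the financial system.
ROLE_ASSIGNMENTS = {
    "alice": {"payment_entry", "vendor_maintenance"},
    "bob": {"payment_approval"},
    "carol": {"payment_entry", "payment_approval"},
    "dave": {"user_admin", "payment_approval", "grant_drawdown"},
    "erin": {"grant_drawdown", "grant_reconciliation"},
}


def find_sod_violations(assignments, matrix=INCOMPATIBLE_ROLES):
    """Batch review: return {user: [(role_a, role_b), ...]} for every user
    who holds two roles the matrix says must never be combined."""
    violations = {}
    for user, roles in assignments.items():
        hits = [
            (a, b)
            for a, b in combinations(sorted(roles), 2)
            if frozenset({a, b}) in matrix
        ]
        if hits:
            violations[user] = hits
    return violations


def conflicting_roles(user, new_role, assignments, matrix=INCOMPATIBLE_ROLES):
    """Pre-approval check for an access request: return the roles the user
    already holds that conflict with new_role (empty list means grant is OK)."""
    held = assignments.get(user, set())
    return sorted(r for r in held if frozenset({r, new_role}) in matrix)


if __name__ == "__main__":
    for user, pairs in find_sod_violations(ROLE_ASSIGNMENTS).items():
        print(f"{user}: {pairs}")
    print("alice + payment_approval conflicts with:",
          conflicting_roles("alice", "payment_approval", ROLE_ASSIGNMENTS))
```

The matrix itself is the documented control; the check only makes it effective. Running the pre-approval check inside the access request workflow prevents new conflicts, while the batch review catches ones introduced by role changes made outside the workflow.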
This malicious action can involve ransomware, phishing, or other attempts to compromise systems and data.
What is a Cyber Attack?