Step 7
Compliance with: policies, standards, and procedures
7.1 Regular Meetings With stakeholders such as data stewards, legal counsel, compliance officers public safety, public relations, and IT groups to review institutional risk and compliance and to revise existing policies and procedures as needed.
7.2 Utilizing Audit Function This can be either an internal audit departmental or external auditor.
7.3 Routine Scan's and Testing Computing Resources and Services Scan servers, desktops, mobil devices, and networks contain confidential data to verify compliance with institutional policy and standards. Test these devices for weakness in operating systems, applications, and encryption that could indicate that institutional procedures are not being followed properly.
- UWG Vulnerability Scanning Procedures and Guidelines
7.4 Routinely Monitor log files
7.5 Routinely Audit
7.6 Procurement Procedures and Contract
7.7 System Development Methodologies The prevention of new data handling problems from being introduced into the environment.
7.8 Implement Incident Response Policies and Procedures