Old Dominion University
Information Technology Standard
09.3.0 IT Audit Standard
Date of Current Revision or Creation: | November 1, 2021 |
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
-
Purpose
The purpose of this standard is to define the information technology security audit requirements used by Old Dominion University.
-
Definitions
None
-
Standards Statement
Information security audit requirements define the steps necessary to assess whether information security controls implemented to mitigate risks are adequate and effective.
The University requires a risk-based audit program for the evaluation of IT systems conducted based on University Policy 3002 - Authority of the Internal Audit Department
The University has assigned an individual to be responsible for managing information security audits as the University Auditor.
-
Procedures, Guidelines & Other Related Information
University Policy 3002 - Authority of the Internal Audit Department
-
History
Date
Responsible Party
Action
October 2009
ITAC/CIO
Reaffirmed
October 2010
ITAC/CIO
Reaffirmed
October 2011
ITAC/CIO
Reaffirmed
October 2012
ITAC/CIO
Reaffirmed
December 2012
ITAC/CIO
Numbering revision
Revision of audit basis
August 2015 IT Policy Office/ISO Three year review; updated link. August 2018 IT Policy Office Link checked (definitions N/A) November 2021 IT Policy Office/ISO Three year review; wording and link checked.