M1.3.1 - AUTHORIZATION PROCESS FOR INFORMATION SYSTEMS Implementation Guidance
The entity shall establish a management authorization process for new information systems.
Back to M1.3.1 - P2 - AUTHORIZATION PROCESS FOR INFORMATION SYSTEMS
The following guidelines should be considered for the authorization process:
- A. New facilities should have appropriate user management authorization, authorizing their purpose and use. Authorization should also be obtained from the manager responsible for maintaining the local information system security environment to ensure that all relevant security policies and requirements are met;
- B. Where necessary, hardware and software should be checked to ensure that they are compatible with other system components;
- C. The use of personal or privately owned information systems, e.g. laptops, home-computers or hand-held devices, for processing business information, may introduce new vulnerabilities and necessary controls should be identified and implemented.
Back to M1.3.1 - P2 - AUTHORIZATION PROCESS FOR INFORMATION SYSTEMS
