You are on page 1of 7

Sr. No.

Category 1 General 2 General 3 General 4 General 5 General 6 Access to Programs and Data 7 Access to Programs and Data 8 Access to Programs and Data 9 Access to Programs and Data

10 Access to Programs and Data

11 Access to Programs and Data 12 Access to Programs and Data

13 Access to Programs and Data

14 Access to Programs and Data

15 Access to Programs and Data 16 Access to Programs and Data 17 Access to Programs and Data 18 Access to Programs and Data

19 Access to Programs and Data 20 Program Changes

21 Program Changes

22 Program Changes

23 Program Changes

24 IT Operations

25 IT Operations

26 IT Operations

27 IT Operations

28 IT Operations 29 IT Operations

30 IT Operations

Document Current IT Organization Chart Most current list of all active employees, their titles, department and hire date. We would prefer to have a softcopy version of this document. List of all active consultants/contractors, including start date and manager. We would prefer to have a softcopy version of this document. List of terminated employees from 01 April 2013 through to present (including their termination date). We would prefer to have a softcopy version of this document. List of new hires from 01 April 2013 present (including their hire date). We would prefer to have a softcopy version of this document. Information Security Policy/ ISMS Manual (if any) Screenshot for the availability of Information Security Policy/ ISMS Manual on the intranet (if any) Copy of the Information Security Awareness training (if any) System generated list of users granted access to data centers (hosting in scope applications) from 01 April 2013 till date.

System generated list of users having access to data centers (hosting in scope applications). System generated report from in scope applications for list of user accounts created during the year from 01 April 2013 till date. System generated report from Domain controller for list of users to whom access was granted from 01 April 2013 till date.

System generated list of users for whom access from in-scope applications was revoked during the year from 01 April 2013 till date.

Active users list for in scope applications along with roles granted.

Password policy configured on in scope applications and the domain controller. Report from SAP for configurations in RSPARAM. Extract of USR40 table from SAP. Report from SAP for configurations in RSUSR003. System generated list of users who have super user access (eg. SAP_ALL, Root Access) to the Applications in scope, their underlying database and the operating systems. Leeboy's Change Management policies and procedures. System generated list of all program changes (including emergency changes) made to the production environment for the in-scope applications from 01 April 2013 to present.

Screenshot of SAP Transport Route. Screenshot of Client configurations for Production, Development and Test environments for applications in scope.

System generated access list to t_codes SE01, SE06, SCC4, STMS users in SAP. Job Scheduling policies and procedures addressing processing requirements & instructions, error & recovery instructions, turnover, etc.

System generated list of current production jobs scheduled for the in scope applications. System generated access list (or screen shot) of personnel with administrative access to update, modify or delete job schedule within the inscope applications and/or job schedulers. Leeboys's Back-Up and Restoration policies and procedures addressing back-up requirements for in-scope applications, recover requirements and data retention periods). Leeboys' Incident Management Policy.

System generated list of incidents from 01 April 2013 to present

Proof File

Leeboy Personnel Responsible

Initial Request Date

Provided to KPMG Date

Comments/ Clarifications

You might also like