Overview

X

Scope

Applies to all Ops staff.

General Policy

X

Audit

IT staff shall perform a semi-annual audit on key assets. Evidence of said audit shall be kept on file. Reference AU_0002_Vulnerability.

Related SOPs

  • SOP_0002_Vulnerability_Scans

Notes

Must include network layer scan
Must include application layer scan
Must include OS level scan
Make results available to customers
Patch management: OS, application, network (AWS), physical devices (AWS) - reference patch management policy
Do you inform customers (tenant) of policies and procedures and identified weaknesses if customer (tenant) data is used as part of the service and/or customer (tenant) has some shared responsibility over implementation of control? - YES
Quarterly vulnerability scans. Results are posted to repository