Citation[]
Privy Council Office, Audit of Information Technology (IT) Security (Final Report) (Nov. 16, 2009) (full-text).
Overview[]
The objective of this internal audit was to assess the adequacy of information technology (IT) security in order to safeguard the Privy Council Office's (PCO's) information assets.
The audit scope involved an assessment of the IT security function at PCO, including its governance and policy framework; management and business procedures dealing with risk and vulnerability management; processes for handling incidents, business continuity, systems development, security assessments, operational controls over network access and protection, and physical security; and resources and overall staff awareness.