ISS News: Audit Policy
An audit in ISS parlance is when an ISS Technician visits an office or lab in a department, center, or school to inventory the computer equipment in that location. An audit is triggered when, through the normal course of business, an ISS Technician discovers discrepancies in the ISS Computer Bank DataBase (CBDB). Audits can also be done routinely as needed. A unit in the College can request an audit if they feel the CBDB does not accurately represent their inventory. Deputies have access to the CBDB via a web browser. When the errors in the CBDB reach a critical level, they impact the technician’s ability to efficiently process service requests. At that time, it is important not only to ISS but also to the units we service to correct these errors. Ultimately these errors affect the costs of doing business, which impacts all of us. The data in the CBDB has been used by PSU Computer Security to investigate security incidents, so its accuracy is vital.
What causes errors in the CBDB?
- The movement of PCs and printers without ISS’s involvement
- The installation of new PCs by someone other than an ISS Technician
- Equipment sent to Salvage without ISS being notified
The best way to correct these errors and “clean up” the CBDB is to conduct an audit.
How are audits arranged?
The deputies are the “eyes and ears” of ISS in the college. We rely on them to circulate information on ISS activities and other computer related items of interest that we bring to their attention. All audits are scheduled in advance in consultation with the deputy of the affected area. The deputy should then notify the employees in their area of the audit. Unless there is reason to schedule an audit during core hours (8 AM – 5 PM), audits are conducted off hours to minimize disruption to college employees.
Is ISS allowed to enter offices and labs in the college unannounced?
ISS holds responsibility in part for the College’s adherence to PSU Computer Security Policies. ISS has the right to enter an office or lab “without prior notice to the user,” if there is cause for concern. PSU Policy AD20 Computer and Network Security gives broad powers to college computer support groups like ISS. Policy AD20 is the prime motivator by which we decide if entry to an office or lab is warranted. If we suspect that there are violations of this policy, we must make unannounced visits. History shows that if we announce our intentions, the violators will remedy the situation prior to our visit. We value your privacy and carefully consider the effects of unannounced visits. These visits are discussed and planned in detail prior to their execution.
What can I expect when an ISS Technician arrives in my area for an audit?
A knock on your door. If there is no answer, the technician will enter the office using a master key. If there is an answer, the technician will identify himself or herself and state the purpose of the visit. If you are using one of the computers in the area at that time, it will be necessary for you to take a short break while the technician gathers data from the PC. This should be a short interruption in your day, a few minutes at most. The technician is either looking for a match with what the CBDB lists or noting specifics of the PC if it is not in the CBDB. This data will then be analyzed and changes will be incorporated in the CBDB.
There are students/faculty who provide some or all of the computer support services in my unit. How can they assist in maintaining accuracy of the CBDB?
Any time an ISS-tagged device (computer or printer) is altered or moved, a service request should be filed by your deputy with ISS. Changes noted on the service request form will then be entered in the CBDB. Without this information, there is no mechanism for these changes to make their way back to ISS and to the CBDB. ISS highly discourages making changes to ISS-tagged equipment without a service request being submitted. The potential for creating a computer security incident is heightened when this type of work is performed by unauthorized individuals. If an incident occurs, the responsible individual for that office or lab will be held accountable.
You can find the actual audit policy here.