Scenario 9: OpenTech provides IT and communications services. It helps data communication enterprises and
network operators become multi-service providers During an internal audit, its internal auditor, Tim, has
identified nonconformities related to the monitoring procedures He identified and evaluated several system
Invulnerabilities.
Tim found out that user IDs for systems and services that process sensitive information have been reused and
the access control policy has not been followed After analyzing the root causes of this nonconformity, the
ISMS project manager developed a list of possible actions to resolve the nonconformity. Then, the ISMS
project manager analyzed the list and selected the activities that would allow the elimination of the root cause
and the prevention of a similar situation in the future. These activities were included in an action plan The
action plan, approved by the top management, was written as follows:
A new version of the access control policy will be established and new restrictions will be created to ensure
that network access is effectively managed and monitored by the Information and Communication Technology
(ICT) Department
The approved action plan was implemented and all actions described in the plan were documented.
Based on this scenario, answer the following question:
OpenTech has decided to establish a new version of its access control policy. What should the company do
when such changes occur?
© Copyrights Dumpscity 2024. All Rights Reserved
We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.