DRAFT – CFPB Compliance Audit Standards
Review written contingency plan to handle inventory in the event of a catastrophic occurrence. Review how often the contingency plan is reviewed and tested.
Disaster Recovery Plans
Review Disaster Recovery Plan.
Computer Data Security Badge Control Access
Ensure Certifications of Data Security. Ensure appropriate access to the building and key areas. Ensure proper safeguards are in place for IT systems.
Review system securities (SSAE-16, PCMI, etc.).
Onsite inspection to examine entries and badge access permitted. Review how many entries into building. Review badge access. Review the process for visitors. Review policy, visitor logs, badge issuance and access.
Review IT Room Checklist
Computer Room Inspection
Onsite inspection to examine access to the accounting area. Review of written policies (safeguarding). Review how inventory is stored overnight. Review types of security: physical security, locked fences, alarm systems, 24/7 surveillance, etc. Review where keys and fobs are stored. Review where titles are secured. Who has access to these records? Are titles stored in fireproof cabinets or room? Review how many security cameras are being used. Review where the security cameras are located. Review who has ability to view live feed. May the cameras be viewed remotely? If so, who has the ability? Review how long tapes are stored.
Physical & Data Security
Ensure access to accounting is limited to necessary personnel.
Access to Accounting and Inventory
Understand all software used by vendor with accounts. Understand how Customer Data is backed up.
Review list of software and hardware providers.
How, when and where is inventory data backed up.
Data Back-up / Redundancy