Testing Starter Kit
Hyperproof can automate controls testing on your behalf.
Being able to automate a control test means that after initial setup, all activities are performed automatically by software: extracting the relevant data and evidence for testing, initiating the test, generating the test result, and triggering follow-on communication based on the test result (e.g., assigning a task to a control owner to do something about a control).
We’ve created this Automated Controls Testing Starter Kit to help you identify useful controls to automate and show you how to set up these tests in Hyperproof.
Here are the controls included in this starter control test kit:
Ensure that employees and contractors get access to company systems in a controlled manner (e.g., password policies are enforced).
Key monitoring tools availability
Ensure that key monitoring tools are running and collecting logs. For example, check that the firewall is configured correctly and up and running. Get reliable access to log files to demonstrate that logging requirements were met.
Change management in software development
Validate that a designated approval process has occurred before new code is deployed into the production environment.
Scan for vulnerabilities on an appropriate cadence. If a vulnerability is discovered and it has a critical rating, check that it was addressed in a timely manner (according to the firm’s vulnerability management policy).
Test whether there are any data backup failures or whether the number of data backup failures per 100 backups is below a certain threshold.
Verify that all of the firm’s confidential data is stored in an encrypted format. Ensure that access to encryption keys is restricted to authorized personnel. Make sure that data is transferred in a secure manner.
For each control, we’ve provided:
One or more testing scenarios
Illustrative evidence needed for the test
An illustrative testing script, including pass/fail criteria for each testing scenario
A suggested next step for when a test fails