Application Security Controls Assessment
What is the purpose/business use for this application?
Is it a facility or corporate level application?
Who is/are the primary user/s of this application? (List title, department, division, functional area )
What is the critical rating for this application (high, medium, low)?
What type of information is stored on the system? (ephi, financial,etc.)
Is there legislation that mandates protection of this data (HIPAA, SOX, etc.)?
Have electronic retention periods for the data been defined and communicated to IT for implementation?
How does the end user access the application (client/server, standalone, Web-based access, telnet, terminal emulation, etc)?
Is this application proprietary or provided by an external vendor? If external, provide vendor name.
Login to download the complete template.