TECHNICAL SYSTEMS TESTING - Infrastructure & Security Testing (General Controls Review)


	Evaluation & Compliance Testing
	+	Information Systems Security Audit
	>	Information Systems Controls
	+	Technical Controls
	+	Physical and Environmental Securiy
	Other
	+	Penetration Testing & Network Surveying
	+	Load Testing & Stress Testing
	+	Scalability Assessment
	+	Internal Controls and Operating Procedures (ICOPs) Development
	+	Contingency Planning & Incident Response Preparation
	+	Technical Standards Document (TSD) Development
	+	Project Management
	+	Interactive Testing
	+	Transfers of Approval




	Information Systems Controls Review Due to the highly controlled infrastructure environment necessary for the safe and secure operation of an Interactive Gaming System (IGS), part of TST's evaluation is the Information Systems Controls Review. This review may be conducted as part of a formal comprehensive IGS evaluation or alternatively it may be conducted on its own as a separate infrastructure evaluation service. The Information Systems Controls Review will focus on the internal controls within the organization to determine: What can go wrong, and The checks and balances that are in place to identify problems if they do occur. An appropriate and effective general controls environment will provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of the fault reporting and corrective processes, Effectiveness and integrity of software maintenance process, and Compliance with applicable laws and regulations. If TST can establish that the general information systems control environment is adequate, we can rely on that environment to ensure any software modifications are properly made. Our review includes the following areas: Control Environment: The Control Environment is the foundation for all other components of internal control. The Control Environment includes areas such as the systems development life cycle, testing and version control. Risk Assessment: The Risk Assessment identifies and analyzes the risks of achieving objectives and determines how to manage risks that may result from internal and external sources. Control Activities: There should be in place policies and procedures to ensure that organizational directives are followed and that necessary actions are taken to address problems that would impede achieving objectives. Control Activities include authorization, verification, reconciliation, review, security, and segregation of duties. Information and Communication: Pertinent information must be identified, captured, and communicated so individuals in the organization can fulfill their responsibilities. Effective communications should also be maintained with external parties, such as customers, Software Suppliers and jurisdictional Regulators. Monitoring: Management should monitor the internal control structure through ongoing monitoring activities in the course of operations and through separate evaluations. The Information Systems Security Controls Evaluations cover (but are not limited to) the following elements: • Policies, Standards, and Guidelines • Organizational Security, • Operations Management, • Patch and Update Management, • Monitoring System Access and Use, • Change Control Procedures, • Asset Classification and Control, • Contingency Planning, and • Incident Response.