6

Here a more concrete question:

I am interested in documentation for an External Security Audit for ERP applications.

  1. What are the types of External Security Audit for ERP applications?
  2. What types of resources should be provided in read access only for External Auditors examining ERP applications?
Rory Alsop
  • 61,507
  • 12
  • 118
  • 322
Phoenician-Eagle
  • 2,237
  • 17
  • 21
  • 2
    Paul, as user502 has said in his answer, this question is vague. However I'm sure that you could do a quick edit to make it better (what purpose does your audit have? What sector are you in? Is it internal or external?) so I won't vote to close, but could you make the question more specific? –  Nov 29 '10 at 15:16

1 Answers1

3

"Audit" is such a broad category that this question is not answerable in its current form. If you're about to undergo a PCI-DSS audit, there are checklists to go by: https://www.pcisecuritystandards.org/security_standards/documents.php. If you're accrediting a system for the US DoD, you'll need the DIACAP documentation. If you're doing an internal audit, local IT management will decide.

user502
  • 3,311
  • 1
  • 24
  • 18
  • Actually, you answered partially this question and this is exactly what I need. Can anyone provide me a list of Audits to be followed and the documentation that would show me what are the data they need access to? example in your case you pointed to PCI, so what is there in addition? – Phoenician-Eagle Nov 29 '10 at 13:29