IT Questionnaire, Standards & Resources
The Office of Information Technology and Department of Internal Audit worked in
collaboration to develop the IT Questionnaire, Standards & Resources document to assist
parishes, missions, campus centers, and schools in assessing current cyber security
preparedness status. Although the questionnaire will be included in each internal audit, we
encourage each location to proactively evaluate their cyber security risk as soon as possible.
If provided during an audit, please submit the completed questionnaire to the internal
auditor. At the end of the questionnaire, you will find recommended IT standards,
resources, and contact information.
Name of location:
Name of individual completing document:
IT Questionnaire
1.1 Do you have documented policies and procedures for on/off boarding employees?
1.2 Are users required to agree to and sign compliance with policies and procedures (e.g., Email
and Internet Usage Policies, Social Media Policies, Remote Access) when onboarded? If yes, are these documents maintained?
1.3 Do you have an approval process in place to authorize access to parish/school IT resources
such as email and individual applications? If yes, who manages this process?
1.4 Are policies in place to redistribute a former user’s files, data, and access to other users, or to
delete them, upon an employee’s departure?
1.5 Are old user IDs deleted from your system(s) when an employee departs?
1.6 Provide a system report of users and their access type for:
• Online giving vendors (e.g., Our Sunday Visitor)
• Bill.com
• Electronic Payment Processing Vendors (PayPal, Venmo, Square)
• Parish/mission/campus center donation software (ParishSoft Family Suite)
• School – tuition management database (FACTS), student database software
(RenWeb, PowerSchool), general ledger if using Blackbaud
• School fundraising software (could be a variety of vendors, such as Little
Greenlight, Raiser’s Edge, etc.)
• General Ledger (Blackbaud, etc.) Note: a list of users for ParishSoft Accounting
is not required since access is managed at the Chancery level.
1.6.1 Does someone review & update access permissions to key financial and operational
applications and IT resources on an annual basis to ensure that access permissions are still
in line with job responsibilities?