Branch visit checklist
Site security visit
What does this form include?
This form contains 24 sections:
Access Control
- 1.1 What do you do with your user ID and password to protect them?
- 1.4 How do you ensure that they are unique?
- 1.6 (Managers) How do you make sure that employees have the correct access permissions for their role?
- 1.6 (Managers) What checks do you carry out, and at what frequency?
- 1.9 (Managers) If one of your employees changes roles, how do you make sure they only have the access they require for their new role?
- 1.9 (Managers) How do you ensure that employee access is terminated immediately when they leave?
Compliance
- 6.1 What compliance activities do you carry out in relation to:
Email Security
- 9.1 Do you use external email? If yes, what process would you follow if you need to send an email privately or confidentially?
- 9.1 Do you use Rightfax in branch? If yes, what controls do you have in place to ensure that the fax is going to the correct person?
Equipment Security
- 10.1 MANAGERS - What steps do you need to take to protect your portable equipment?
- 10.2 What process do you take to protect any equipment you are responsible for? i.e. to prevent unauthorised use (workstation or keys)
- 10.3 MANAGERS - What process do you follow if you need to move a PC or printer?
Asset Management
- 2.2 MANAGERS - When do you notify technology of changes in ownership of equipment?
Information Classification Handling & Transfer
- 12.1 If you needed to know about classifying documents where would you look?
- 12.4 MANAGERS - Do you know where your department's data retention policy is stored?
- 12.4 Have you complied with it in the last 12 months?
Information Security Incident Management
- 13.1 Explain what you think a security incident is.
- 13.1 Who would you report a security incident to?
Management of malicious and mobile code
- 14.1 Are you authorised to work from home using your home PC or laptop? If yes, then who provided the authorisation and what checks did they make?
- 14.2 What process do you follow if you receive a virus alert on your PC or Laptop?
- 14.8 OBSERVATION: Check encryption of laptops
- 14.8 OBSERVATION: Test AV Signatures
Media Management
- 16.1 What process should you follow for the protection of media or storage devices?
- 16.1 Can you take media or storage devices offsite?
- 16.2 How do you dispose of media or storage devices?
Mobile Computer and Homeworking
- 17.1 Who would you report a lost laptop / BlackBerry to?
Personnel Security & Fraud
- 20.1 Can you confirm that you have completed your IS & Fraud PRS in the last 12 months?
- 201.1 Did you comply with all the statements?
Personal Security
- 20.5 MANAGERS - How do you make sure that all your staff comply with the IS PRS?
Physical Security
- 21.7 What process must you follow when you have a visitor at the branch?
Fraud - Training and Awareness: Managers and all staff
- 1.1 MANAGERS - Do you have to complete any fraud awareness compliance activities?
FRAUD - Acceptance of Funds: For all staff accepting funds / handling cash
- 5.1 What do you look for when you receive a cheque from someone who is paying?
- 5.2 When carrying out cash exchanges in and out, what process do you follow? Where is this documented?
- 5.3 What is the Banking process and where is it documented?
- 5.3 OBSERVATION: Check for evidence that it is being followed, e.g. signatures on control documents.
- 5.4 What process do you follow if you suspect a suspicious transaction, e.g. money laundering?
- 5.4 Who would you report this to?
- 5.5 What process do you follow when accepting or paying out cash when systems are unavailable? How do you maintain the audit trail?
Fraud: Reconciliations: All staff handling funds
- 6.2 What process is followed for the movement and storage of cash and cheques?
- 6.2 Who has access to the cheques and cash?
- 6.2 Where is the process documented?
- 6.3 What is the process for balancing the branch?
- 6.4 What is the process for dealing with cash unders and overs? Where is the process documented?
- 6.5 What is the process for managing sundries accounts? (i.e. error suspense accounts, petty cash)
Fraud: Release of Funds: All staff releasing funds
- 7.1 What process do you follow to identify a customer? What details are recorded, and where? Can you provide evidence of this?
- 7.2 What is your mandate for specific transactions (i.e. cheque withdrawals, CHAPS)? Can you provide evidence of this?
- 7.3 What would happen on requests above this limit?
- 7.4 MANAGERS - What process do you follow when managing leavers, movers and joiners to the mandate structure? Can you provide evidence?
Fraud: Validation: All staff with customer contact
- 10.1 What do you do before giving out customer information?
- 10.2 What validation process do you follow when talking to customers? Where is information recorded?
Fraud: Gifts and Hospitality: All Staff
- 13.1 What do you need to do if you receive or are offered gifts or hospitality from external sources?
- 13.2 What process do you follow when you are submitting an expense claim, and how is it approved? What would you expect to happen if you submitted a false claim?
- 13.2 MANAGER: How do you approve expense claims?
Fraud: Incident Management: All Staff
- What process do you follow if you identify fraud? Who do you notify?
Business Continuity: People Planning All Staff
- 1.2 What is your role in the event of a business continuity incident (i.e. fire alarm, bad weather, break-in)?
- 1.2 How will you receive information?
- 1.2 When did you last check PeopleSoft to ensure that your information was up to date?
Business Continuity and Recovery Planning: Managers Only
- 3.20 What planning do you have in place to ensure that you have the relevant staffing levels in the event of an incident? How do you know the contact numbers of your team, and where are they stored? What process do you follow to ensure that the information on PeopleSoft is up to date? When did you last read your area's BCP?
HR: Communications & Private Policy ALL Staff
- 2.5 Are you aware of your responsibilities under the Computer Misuse Act?
  1. Try to log on to a system which you are not authorised to use.
  2. Sign on to a system with the intention of committing an offence.
  3. Sign on to a system that you are not authorised to use and then modify any data.
  4. Deliberately do something that causes a degradation, failure or other adverse impact on a computer system.
- 2.5 What do you do if you find you can access systems or information that you do not require for your role?
- 2.11 What are the arrangements for using a personal mobile phone? Are you allowed to use it at your desk?
- 2.13 (STAFF with email access) Can you give an example of email abuse?