Database access management
The purpose of the audit is to assess whether database access management has been organised in accordance with the established requirements and whether measures are being implemented in the audited databases that ensure access by authorised persons to the database and prevent access by unauthorised persons.
The main questions in the audit are the following:
1. Have institutions established an access policy and does it comply with the information security framework ISKE?
2. Are accesses opened, used, modified, closed and verified securely (according to the national framework) and in accordance with the established procedures?
3. Are the activities related to the use and administration of the database, including access management, sufficiently logged, is the integrity of the logs secured and are the logs analysed?
4. Are checks on the substantive validity of data requests carried out and are data subjects also provided with the possibility of checks?
|
Area of government
|
|
|
Institution to be audited
|
|
|
Auditees
|
|
|
Audit Department
|
Audit Department
|
|
Director of Audit
|
Ines Metsalu-Nurminen
|
|
Audit Team
|
Toomas Viira, Alo Lääne, Jevgeni Lazartšuk
|
|
Contacts
|
|
|
Audit Number
|
80087
|
|
Planned Start
|
2nd half of 2021
|
Actual Start
|
1st half of 2022
|
|
Planned End
|
2nd half of 2022
|
Actual End
|
|
|
Status
|
Work in progress
|
|
|
|
Related Audits
|
|
|
Created on
|
9/10/2021
|
|
Last modified on
|
5/10/2022
|
|
Last reviewed on
|
5/10/2022
|