Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
ISAE 3402 is an international standard provides guidance on the preparation of assurance reports for controls environments at service organisations. ISAE3402 reports are often used by technology companies, such as cloud and SaaS providers, as well as other business process outsourcing firms, to demonstrate to their customers that they have well-managed operations. The more widely recognised acronym for this type of report is ‘SOC’, originally standing for ‘Service Organisation Controls or, more recently, System and Organisational Controls. ...
Further reading Tool Suite - ISF Information Security Forum launches Aligned Tools Suite 2020 to help ensure compliance standards - Security Magazine
Context For professionals moving into governance roles within the financial sector or large multinationals, familiarity with proprietary frameworks is often as important as knowledge of international standards. While ISO 27005 establishes the principles of risk management, the Information Security Forum’s IRAM2 is frequently the specific implementation found in major institutions. You may not need to become a certified IRAM2 practitioner, but you should understand the structure if you intend to work in large-scale enterprise environments. ...
Related pages Shariah compliance Prohibition of riba - interest Profit and loss sharing Asset-backed financing Gharar - uncertainty Maisir - gambling Murabahah - Cost-plus financing for purchasing goods. Ijara - leasing contracts for assets Istisna - for construction or manufacturing contracts Sukuk - Islamic bonds backed by assets Zakat Halal investments Takaful - islamic insurance
The Joiners, Movers and Leavers (JML) process manages the lifecycle of user access within an organisation. It ensures that access rights are appropriately granted, modified, and revoked as employees join, move within, or leave an organisation. Typical controls include: Access Request and Approval: Ensuring that access requests are properly authorised by relevant managers or system owners. Role-Based Access Control (RBAC): Assigning access based on the user’s role within the organisation to enforce the principle of least privilege. Periodic Access Reviews: Regularly reviewing user access rights to ensure they are still appropriate. Automated Provisioning and De-provisioning: Using automated tools to grant and revoke access promptly as users join, move, or leave the organisation. Audit Logging and Monitoring: Keeping detailed logs of access changes and monitoring for any unauthorised access attempts. Segregation of Duties: Ensuring that critical tasks are divided among multiple users to prevent fraud and errors. Further reading What are Joiners-Movers-Leavers (JML)? - BeyondTrust