Generally Accepted System Security Principles

P-11 Internal Control Principle

P-11 Internal Control Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


Information security forms the core of an organization's information internal control system.


This principle originated in the financial arena but has universal applicability. As an internal control system, information security organizations and safeguards should meet the standards applied to other internal control systems. "The internal control standards define the minimum level of quality acceptable for internal control systems in operation and constitute the criteria against which systems are to be evaluated. These internal control standards apply to all operations and administrative functions but are not intended to limit or interfere with duly granted authority related to development of legislation, rulemaking, or other discretionary policymaking in an organization or agency.

A. General Standards

B. Specific Standards

C. Audit Resolution Standard