IT Examiner School eBook May 2025

Internal Use Only

Disposal

End-of-Life Support

Decommissioned

The point when a vendor ceases support for a product or service. When support ends, the vendor no longer makes code improvements or provides patches to address newly discovered security weaknesses. (Vulnerabilities) Vendors typically work to prepare customers for end of support. Management should have a formalized policy on End-Of-Life assets.

Involves the orderly removal of surplus or obsolete hardware, software, or data. Part of management’s processes should be to have a defined, expected life span for hardware and software. Primary tasks include the transfer, archiving, or destruction of data records. Management should transfer data from production systems in a planned and controlled manner that includes appropriate backup and testing procedures.

Internal Use Only

Development & Acquisition InTREx (Information Technology Risk Examination)

Objective • To evaluate the institution’s development and acquisition processes to ensure systems are implemented securely, effectively, and in alignment with business and regulatory requirements.. Decision Factors • Six (6) decision factors which covering governance, project management, change control, vendor management, application security. Procedures • Nine (9) procedures to address each of decision factor.