The following is the domain checklist:
- Do functions exist to check the correctness of the data?
- Do functions exist to check the completeness of the data?
- Will all transactions be registered, that is, logged?
- Have you described the system security architecture?
- How is the system protected? What are the physical, software, and human elements of this protection?
- What security products are used to protect the system?
- How is individual user system access controlled?
- How are individual users authenticated?
- How is system process authorisation implemented?
- How is individual user access control created and maintained?
- How is data protected?
- What security audit and control processes are in place?
- What security audit processes and procedures have been implemented?
- How do you monitor system security?
- What level of access granularity is provided?
- Does the security model support role-based authorisation?