Proposed Plan
The current plan to start the audits of FAS (non-central IT) is as follows:
Phase 1 - January 2018 - December 2018
Inherent risk surveys on all applications.
Phase 2 - January 2019 - June 2019
Send out FAS Risk Assessment to all applications without a risk assessment.
Phase 3 - June 2019 - December 2019
Review surveys and make recommendations to Application Administrators and Application Managers for remediation.
FAS DSCP Exception
FAS DSCP will create an exception process for applications. This exception targets applications that have stayed the same since the last review. The workgroup will decide on the definition when a new application checklist is needed.
Dependencies
Inherit Risk Survey Tool - Enterprise DSCP