修改意見(jiàn)from修訂建議-安永反饋

12月23日已建議from1October2013to30September2014，標(biāo)注ST、TH上應(yīng)該保留，建議取反饋：建議不修改的寫(xiě)作標(biāo)準(zhǔn)是一般不STTH的，另外參考了中行歐洲中心、美洲中心TheDeviceandEnvironmentTeam(DET-BJ)isresponsiblefortheoverallplanningofcomputerroomenvironmentalcontroloftheDataCenterandforestablishingthecorrespondingmanagementpoliciesplanspoliciesplans”兩個(gè)復(fù)數(shù)？反饋：已修修改為T(mén)heDeviceandEnvironmentTeamDET-BJ)isresponsiblefortheoverallplanningofcomputerroomenvironmentalcontroloftheDataCenterandforestablishingthecorrespondingmanagementpolicies,plansandprocedures”LinuxsystemsarenotmanagedbySAS,usersareauthenticatedbystaticpasswordviaSSHprotocol“LinuxsystemsarenotmanagedbySAS”描述有點(diǎn)歧義：Linux都沒(méi)被SAS管理，應(yīng)該用定語(yǔ)。反饋：已修ForbystaticpasswordviaSSHprotocol”TheDataCentersynchronisestheapplicationsystemsinthelocalandremotedisasterrecoveryenvironmentswiththeonesintheproductionenvironmentbasedonthesystemdisasterrecoverystrategies.“theapplicationsystems“應(yīng)該同步，但操作反饋：經(jīng)與科技部商議，該控制點(diǎn)已刪“toensurethatITsystemoperationswereoperatedasexpected“是否可修改為”toensurethatITsystemswereoperatedasexpected“反饋：已修修改為“toensurethatITsystemswereoperatedasInspectedaselectionoftheprogramchecklistsprogramchecklists反饋：已修修改為“InspectedaselectionoftheprojectacceptanceregistrationInspected…ensure…。ensure用法有問(wèn)題，應(yīng)該使用確認(rèn)、確定,例如determineInspectedservicelevelmanagementpoliciestoensurethatthedevelopmentandsigningofservicelevelagreementInspectedaselectionoftheinternalSLAsandSOWstoensurethatinternalacquiredtherelatednon-disclosureagreementstoensurethattheexternalITserviceemployeessignedthenon-disclosureagreements。獲取本身不能確保反饋該用法為T(mén)YPE1報(bào)告的沿用中行在“對(duì)批次ISAE3402報(bào)告20140827版本的修訂意見(jiàn)”中針對(duì)所用句式“inspected…ascertainthat”中ascertain一詞的使用提出了建議；在20148月29日的回復(fù)郵“對(duì)批次ISAE3402報(bào)告20140827版本的修訂意（終稿）安V5”中針對(duì)中行建議進(jìn)行了反饋ensureascertain此后報(bào)告一直12月24日建議ForaselectionofredundancyuserIDs,observedtheredundancyuserIDsinsystemtoensurethattheIDswerenotexistedinthesystem.2個(gè)步驟有，為反饋：已修修改為ForaselectionofredundancyuserIDs,observeduserIDsinthesystemtoensurethattheredundancyuserIDswerenotexistedinthesystem.”Foraselectionoftheproductionchanges,andinspectedtherelevanttestingreviewed.Foraselectionoftheproductionchanges,andinspectedtherelevantpost-evaluationForaselectionoftheproductionchanges,andinspectedthechangerequestrecords,ForaselectionoftheprojectinitializationapplicationsrelatedtooverseasITsystems(AsiaPacificregion),andinspectedtherelatedprojectinitializationnotificationsForaselectionofthevendorsfromthevendorlist,inspectedthecontractsForaselectionofthenewuserapplicationformsoftheNotessystem,inspectedtoForaselectionoftheapprovedchangerequests,andinspectedtherelevantproductionchangeimplementationplansForaselectionoftheITsystem,obtainedthedatabasepartitiondescriptionsForaselectionoftheapplicationsystems,observedlogconfigurationofthe反饋：已修“andForaselectionofthenewuserapplicationformsoftheNotessystem,inspectedtoensurethattheapplicationswereapprovedbyBOCHOexecutiveoffice.Inspected什反饋：已修ForaselectionofthenewuserapplicationformsoftheNotessystem,inspectedtheapprovalpartstoensurethattheapplicationswereapprovedbyBOCHOexecutiveForaselectionoftheversionsofapplicationsystemsintheproductionenvironment,observedtheversionnumbersoftheapplicationsystemsinthelocaldisasterrecoveryenvironmenttoensurethattheversionnumberswereconsistent.建議：Foraselectionoftheapplicationsystemsintheproductionenvironment,observedtheversionnumbersoftheapplicationsystemsinthelocaldisasterrecoveryenvironmenttoensurethattheversionnumberswereconsistent.反饋：經(jīng)與信息科技部商議，該控制點(diǎn)已刪1225ThecreationoftheuserIDsandtheuserprivilegesreviewwereinlinewiththeauthorizedrightswereexecutedbydifferentemployees.語(yǔ)法有疑問(wèn)。反饋：已修TheuserIDscreationanduserprivilegesreviewwhichwereintendedtocheckwhethertheauthorizedrightswereinlinewiththeappliedrights,wereexecutedbydifferentemployees.AllITsystemsusersoftheDataCenterapplyforrightsaccordingto‘UserIDUniqueness’principle,‘AuthorizationonDemand’principle,‘NeedtoKnow’and‘LeastPrivilege’principle.Theuser’creationandrightsmodificationoftheDenterareauthorizedbytheheadsofapplicant’andtheauthorizingteam.與中文版有差異申請(qǐng)權(quán)限是否需要考慮UserID反饋：已修Foraselectionofresponsibilitychangedusersandtheresponsibilities’descriptions,observedtheiraccountandrightsinthesystemon-sitetoensurethattheoriginaluserrightswereadjustedandtheexistinguserrightswereinlinewiththeresponsibilities’descriptions。responsibilitychangedusers英文含義不明責(zé)任改變了用戶？)，responsibilities’descryptions英文似乎不太這樣用，jobdescriptions?反饋：已修Foraselectionofuserswithpositionchangesandthecorrespondingjobdescriptions,observedtheiraccountsandrightsinthesystemon-sitetodeterminethattheoriginaluserrightswereadjustedandtheexistinguserrightswereinlinewiththeresponsibilitiesstatedinjobdescriptions.Foraselectionofterminatedusers,observedtheusers’accountsandrightsinthesystemon-sitetoensurethattheusers’accountsweredeleted.建議修改為Foraselectionofterminatedusers,observedtheusers’accountsinthesystemon-sitetoensurethattheusers’accountsweredeleted.反饋：已修修改為Foraselectionofterminatedusers,observedtheusers’accountsinthesystemon-sitetoensurethattheusersaccountsweredeleted”ForthenetworkdeviceswerenotsupportedbyRADIUStheuserisrequiredtouseastaticpassword，句法有疑問(wèn)，應(yīng)該使用定語(yǔ)反饋：已修ForthenetworkdeviceswhichwerenotsupportedbyRADIUS,theuserisrequiredtouseastaticpassword,Inspectedtheaccesscontrollistfromthefirewallconfigurationtoensurethatofficeenvironmentuserscouldnotconnecttotheexternalnetwork.用戶不能連接到外部網(wǎng)絡(luò)？officeenvironmentusers有點(diǎn)中文直譯，英文可能不這樣寫(xiě)。反饋：已修Inspectedtheaccesscontrollistfromthefirewallconfigurationtodetermineofficeterminalscouldnotconnecttotheexternal“獲取并檢查開(kāi)放平臺(tái)用戶ID申請(qǐng)表，確認(rèn)用戶已使用完畢”描述（即使結(jié)反饋：建議不修ID申請(qǐng)表中會(huì)對(duì)用戶的關(guān)閉時(shí)間進(jìn)行記錄1225Foraselectionoftheversionsofapplicationsystemsintheproductionenvironment,observedtheversionnumbersoftheapplicationsystemsinthelocaldisasterrecoveryenvironmenttoensurethattheversionnumberswereconsistent.只觀察本地，反饋：經(jīng)與科技部商議，該控制點(diǎn)已刪ObservedtheRACFprofiletoensurethatRACFsecuritymanagementmodulewasdeployedtocontrolaccessrightofmainframesystem.前面一段已經(jīng)包括這些內(nèi)容，是否需要重復(fù)（InspectedtheDataCenteraccesscontroltechniquespecificationtoensurethatRACFsecuritymanagementmodulewasdeployedtocontrolaccessrightofmainframesystem,andthespecificationwasapprovedandformallyreleased.）反饋：建議不修InquiredoftheDentermanagementaboutthesecurityconfigurationoftheplatformsystemuserpassword.theopenplatformsystemuserpassword有點(diǎn)中文直反饋：已修“Inquiredofuserpasswordofopenplatformsystems.”現(xiàn)場(chǎng)觀察WINWIN平臺(tái)系統(tǒng)通過(guò)域控服務(wù)器的安全策略對(duì)用戶權(quán)限進(jìn)行控制。反饋：已修現(xiàn)場(chǎng)觀察WIN平臺(tái)系統(tǒng)域控服務(wù)/r