OR-06 IT Operations & Resilience

Job Scheduling Control

Automated processing is scheduled and access-controlled.

Domain: IT Operations & Resilience
Control type: Preventive
Automated / manual: Hybrid
Frequency: Continuous
Framework reference: COBIT DSS01

What good looks like

Scheduled jobs are documented; scheduler access restricted; job changes controlled.

Risk if it fails

Unauthorised job changes; processing errors.

How Tess tests it

3 tests — each concludes only on cited evidence.

Scheduler-access restriction defined

Design

Procedure: Inspect the policy.
Expected: Access restriction defined.
Sample: 1 (design inspection)
Evidence: Scheduler config, access listing, job-change records.

Scheduler access matches authorised

Operating

Procedure: Reconcile scheduler access.
Expected: Appropriate access only.
Sample: 25 (or full config inspection)
Evidence: Scheduler config, access listing, job-change records.

Job changes controlled/documented

Operating

Procedure: Sample job changes.
Expected: Controlled and documented.
Sample: 25 (or full config inspection)
Evidence: Scheduler config, access listing, job-change records.

Evidence Tess looks for

Scheduler config, access listing, job-change records.

More in IT Operations & Resilience

OR-01 IT Governance & Oversight OR-02 IT & Information Security Policies OR-03 IT Risk Assessment OR-04 Asset & Configuration Management

Want Tess to test OR-06 against your evidence?