Para 3.22.38 — MSO (Audit)
Original Rule Text
3.22.38 Logical Access controls are provided to protect the financial applications and underlying data files from unauthorised access, amendment or deletion. Logical access controls can exist at the installation as well as application levels. Controls within the general IT environment restrict access to the operating system, system resources and applications, whilst the application level controls restrict user activities within individual applications.
What This Means
Logical access controls are software-based safeguards that protect financial applications and their underlying data from unauthorised access, modification, or deletion. These controls work at two levels: installation level (controlling access to the operating system, system resources, and applications as a whole) and application level (controlling what individual users can do within a specific application).
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- Logical access controls protect applications and data from unauthorised access, amendment, or deletion
- They exist at installation level (operating system, system resources, applications)
- They also exist at application level (user activities within individual applications)
- Installation-level controls restrict access to the overall IT environment
- Application-level controls restrict specific user activities within each application
Practical Example
In a state payroll system, the auditor reviews logical access controls at both levels. At the installation level, they check that only system administrators can access the server's operating system, and that the payroll application files cannot be directly modified outside the application. At the application level, they verify that data entry clerks can only input salary data, section officers can view and approve but not modify, and the drawing officer alone can authorise final payment. They find that two retired employees' accounts are still active at both levels — a clear control failure.
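The review described above can be sketched as a script that reconciles account listings from both levels against the HR roster and the permitted duties of each role. This is an added example, not part of the audit manual; the usernames, permission names and record layout are constructed assumptions.

```python
# Constructed sample data. Role names follow the payroll example above;
# usernames, permission names and record layout are assumptions.
ALLOWED = {
    "data_entry_clerk": {"input_salary"},
    "section_officer": {"view", "approve"},
    "drawing_officer": {"view", "authorise_payment"},
}
HR_ROSTER = {"asha": "serving", "binod": "serving", "chitra": "serving",
             "dev": "retired", "esha": "retired", "farid": "serving"}
# Installation level: accounts that can log in to the server's operating system.
OS_ACCOUNTS = [
    {"user": "farid", "role": "system_admin", "active": True},
    {"user": "dev", "role": "system_admin", "active": True},
    {"user": "esha", "role": "data_entry_clerk", "active": True},
]
# Application level: payroll application users and the permissions they hold.
APP_ACCOUNTS = [
    {"user": "asha", "role": "data_entry_clerk", "perms": {"input_salary"}, "active": True},
    {"user": "binod", "role": "section_officer", "perms": {"view", "approve", "modify"}, "active": True},
    {"user": "chitra", "role": "drawing_officer", "perms": {"view", "authorise_payment"}, "active": True},
    {"user": "dev", "role": "section_officer", "perms": {"view", "approve"}, "active": True},
    {"user": "esha", "role": "data_entry_clerk", "perms": {"input_salary"}, "active": True},
]
STALE = "active account for non-serving employee"

def review_access(hr, os_accounts, app_accounts, allowed):
    """Return (level, user, issue) findings for both control levels."""
    findings = []
    for level, accounts in (("installation", os_accounts), ("application", app_accounts)):
        for acct in accounts:
            if not acct["active"]:
                continue
            user, role = acct["user"], acct["role"]
            if hr.get(user) != "serving":  # retired, or unknown to HR
                findings.append((level, user, STALE))
            if level == "installation" and role != "system_admin":
                findings.append((level, user, "non-administrator has OS access"))
            extra = acct.get("perms", set()) - allowed.get(role, set())
            if extra:
                findings.append((level, user, "excess permissions: " + ", ".join(sorted(extra))))
    return findings

def stale_at_both_levels(findings):
    """Users whose stale account shows up at installation AND application level."""
    per_level = {lvl: {u for l, u, i in findings if l == lvl and i == STALE}
                 for lvl in ("installation", "application")}
    return sorted(per_level["installation"] & per_level["application"])

if __name__ == "__main__":
    for finding in review_access(HR_ROSTER, OS_ACCOUNTS, APP_ACCOUNTS, ALLOWED):
        print(*finding, sep=" | ")
```

On the constructed data the script reports the two retired employees at both levels, a section officer holding a modify permission, and a non-administrator with operating system access.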
Frequently Asked Questions
What is the difference between physical and logical access controls?
Why are both installation-level and application-level controls needed?