Audit and Accountability (AU Controls)

  • All IAM activities are logged for at least 1 year

  • Logs include: Login attempts, privilege changes, access violations

  • Reviewed monthly by InfoSec team, quarterly by 2nd line (Risk) and yearly by 3rd line (Internal Audit)

  • Evidence retained to support FCA Principle 10 and SMCR regime

References:

FCA Principle 10 https://www.handbook.fca.org.uk/handbook/PRIN/2/1.html

SMCR https://www.fca.org.uk/firms/senior-managers-certification-regime

PreviousAccess Review ScheduleNextCompliance Mapping

Last updated