Blockchain technology has become one of the most promising technological advancements of the past decade with the potential to transform a variety of key industries. Many enterprises seek to incorporate the technology into their overall business and technology stacks. ISACA’s new Blockchain Framework Audit Program seeks to provide specific testing and evaluation criteria to assist personnel with the requisite skills to assess the risk and associated controls implemented to mitigate risk.
Blockchain is not practical for all enterprises; management must ensure that its use supports business objectives. The Blockchain Framework Audit Program intends to help professionals understand the risk associated with blockchain and to consider the controls that address it.
The audit program is built on the following categories:
- Governance
- Infrastructure
- Data Management
- Key Management
- Smart Contracts
The Blockchain Framework Audit Program provides an evaluation for management to utilize when determining the effectiveness of the implemented controls. The evaluation will consider the security controls from the following perspective:
- Safeguards or countermeasures that address administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect an information system that primarily is implemented and executed by people (as opposed to systems).
- Safeguards or countermeasures for an information system that primarily is implemented and executed by people.
- Safeguards or countermeasures for an information system that is primarily implemented and executed by the information system through automated mechanisms contained in the hardware, software or firmware components of the system.
ISACA’s Blockchain Framework Audit Program is available to purchase here. For additional insight into this topic, see ISACA’s Blockchain Framework and Guidance and Blockchain Preparation Audit Program.