This sample questionnaire is designed to monitor and enhance an organization's IT application security process.

Sample questions include: Do security controls exist within the application? Does the application administrator require privileged access to the platform it resides on? Does the application automatically deactivate the session after a period of inactivity? Are users restricted from logging on to the application more than once at a given time? Can the system provide edit capabilities to certain users and read capabilities to other users based on their needs?