System Audits
Over time in most organisations information gets lost, updates get forgotten and support renewals dates get missed. Typically, this is a result of a change in technology, staff turnover, employee role and responsibility changes or just a lack of attention. The risk to an organisation can be catastrophic especially in a country as isolated as Bermuda.
To help customers mitigate their risk with their IT systems CCS offers hardware audits, software audits, security audits and facilitates third party independent audits. The methodology CCS employs for its audits varies slightly depending on the type of audit but all of the services follow the same principals. CCS auditors perform the following steps:
-
Understanding the Organisation and its Environment – CCS understanding the organization it is auditing is imperative for assessing the company’s potential risk and to set the scope of the audit. The CCS’ understanding should include information on the nature of the company, management, governance, business objectives, and business processes.
-
Business Need Definition – CCS’ audit team will conduct meetings with the client's key management to identify business needs and expectations as they relate to the company’s IT systems. From the information gathered in this meeting CCS’ audit team will fully understand what the client's management expects from its information systems and will later be able to compare those expectations to what the systems in place can actually deliver. This is a key task as all following technical work will refer back to this session to ensure that IT is in line with management's stated objectives.
-
Detailed Audit – The nature of the audit (i.e. hardware, software or security) will determine the focused of the detailed review of organisations IT systems. However, regardless of the type of audit the review will tie back to the management objectives from the business needs definition. CCS will take a risk based approach to the audit which will enable CCS to execute an audit which will consider all potential weaknesses and/or absence of controls and determine whether this could lead to a significant deficiency or material risk to CCS’ client.
-
Recommend Changes – After evaluating the results of the audit CCS consultants will province the customer with recommended changes to their IT systems that have been identified as “Immediate Action Required”. The items will be areas when the audit has illuminated areas that present significant deficiency or material risk based on the business needs definition. CCS will also provide a "Suggested Actions List". This list will include actions that may not present an immediate risk to the organization but could present ricks in the future or don’t meet best practices and should be corrected.
-
Documentation – Documentation will be ongoing through the entire audit process. Once the systems are all in a position where they are 'meeting the defined business needs' and are configured and operating in line with 'IT best practices' the system will be properly documented in a detailed manner. Additionally, a management report outlining all the findings will be compiled and presented to customer.
Hardware Audits
CCS hardware audits focus on the networking, telephony, server and storage infrastructure within an organization as they are all critical to most organization’s business. The goal is to confirm that none of the infrastructure has been deemed end of life (EOL) or end of support (EOS) by the manufacturer and that the firmware is up to date on all hardware components. CCS will also confirm whether or not the hardware has a valid vender support contract associated with it. While they are not usually considered critical systems, the hardware can be expanded to include workstation and peripherals in addition to the company’s core equipment. This service is included on a semiannual basis to CCS premier level Tech Care customer as part of their annual maintenance agreement.
Software Audits
CCS software audits are designed primarily to help companies get a handle on the software license they own and how they are being used with in their organization. During a software audit CCS consultants audit the software types within an organization, the release of software being utilised, the quantities owned and any upgrade entitlements the company could take advantage of. As with the hardware audits CCS will also verify that the software is up to date and getting updated regularly as well as confirming the software solution being utilized is associated with a valid support contract.
Security Audits
Most security solutions include both hardware and software components. CCS’ security audits include all of the activities from our hardware and software audits. With security audits CCS consultants focus on architecture and the strength of the IT security solutions protecting the organisation.
For more information please contact our sales department.