IT Audits

WHAT IS PRE-IMPLEMENTATION IT AUDIT?

• Identification and inventory of current IT systems
• Identification of client’s needs in technical and economic aspects
• Development of assumptions for project execution
• Migration planning
• Execution of migration to the Datacentre
• Planning of new resources in the datacentre
• Offering for specific solutions, technical design
• Technical implementation of a selected concept based on hosting domains, applications, racks, virtual servers, physical servers.
• Virtualisation of old and new environments based on VmWare and Hyper-View
• Planning of as-built documentation, policies, procedures, instructions
• Technical work, configurations
• Planning of system administration work and basic administration activities to relieve local IT
• Advanced systems administration to delegate all administrative tasks to outsourcing
• Backup planning
• Monitoring planning
• Planning Maintenance of the entire solution

Execution of all technical activities and placing resources, systems in a specialized datacenter.

Duration depending on the size of the company from 7 days to 30 days.

The result of the work is presented in the form of a prepared report for the Management Board or IT teams.

We present technical and economic variants.

AUDIT OVERVIEW

• Implementation of all technical operations and placement of resources and systems in a specialised datacentre.
• Duration depends on the size of the company and ranges from 7 days to 30 days.
• The result of the work is presented in the form of a prepared report for the management or IT teams
• We present technical and economic options

Audit offer for companies from Warsaw and other Polish cities

We offer to perform an IT audit as part of starting cooperation. The scope of the proposed work:

Duration:

A one-day visit (8 hours) must take place to implement the audit. The elaboration of the results will be carried out for 7 working days.

Results of the work:

The results of the work will be presented in the form of a post-audit document and, if required, we will prepare presentations for the Board. We invite companies from Warsaw, Gdansk, Lodz Poznan, Wroclaw, Katowice and Krakow who care about a reliable and efficient IT audit to cooperate with us.

Audit of information systems security

Regular IT systems security audit helps to avoid many serious problems, not only of an IT nature, but e.g. related to making confidential data public, etc. Sometimes a bad configuration, breakdown or other reason causes the IT infrastructure to work not as it should. How does an audit work? It is an activity that consists in testing security systems and their vulnerability to factors such as random events or attacks from cyberspace. Tests, based on global standards, are performed both manually and automatically. In both cases, these activities are performed by a trained, qualified and experienced auditor. We prepare a report from the conducted audit of IT systems security, which includes our analyses, conclusions and proposals of methods to solve the identified problems. Thanks to an audit it is possible to quickly and accurately assess the security status of protected data resources, detect violations, and indicate alternative solutions. It is also an opportunity to reconfigure the system properly. We guarantee efficient and professional performance of security audits of IT systems.

Software legality audit

Nowadays more and more attention is paid to the legality of software used by companies in IT systems. Regular inspections are conducted as a result of not only anonymous denunciations but also preventive activities of services protecting copyrights in Poland.

The use of unlicensed applications in a company is in most cases caused simply by a mess in the licenses themselves and the failure to control the time after which they expire. Employees themselves also contribute to the problem, often installing software downloaded from the net on their company computers, not always fully legal. It is worth remembering that very often free applications cannot be used for commercial purposes. Professional software legality audit, which we perform for our clients from Warsaw, allows for effective solution to this problem. It is not only verification of the license of used applications, but also introduction of solutions thanks to which, these situations will not occur in the future.

What are the elements of such an audit?

1. Determination of quantity and types of used software by scanning each computer, server.
2. Analysis of purchase documents and the client’s licence archive.
3. Report on the licences owned and used, including purchase documents.
4. Conclusions and recommendation.
5. The duration of a software legality audit can vary from 2 weeks to 1 month.

Software legality – how do we perform IT audits in Warsaw?
Our activities can be divided into 3 basic stages:

Conducting a comprehensive software inventory – Our specialists collect information on all devices that make up the IT system, prepare a list of current licences used by the company and then compare it with what is actually installed on the devices;

Removal of illegal software – After preparing a full audit report, we can start removing from the devices all applications which use is illegal according to the law. At the same time, we renew expired licences and tidy up IT systems, getting rid of, among others, completely unnecessary tools or those that have not been used for a long time;

IT systems security policy – we always end our work by introducing comprehensive solutions tailored to the given business, thanks to which the risk of using unlicensed software in the future will be reduced to a minimum.

Security policy

Despite appearances, using illegal software in a company is not only exposing oneself to possible financial penalties related to copyright infringement. One should first of all remember about the safety of the IT system itself. Huge amounts of data are collected there, often sensitive and subject to special protection, and using unlicensed applications poses a huge threat to them.

The worst consequences (apart from the already mentioned legal problems) of using illegal software include

• lack of access to updates, and therefore lack of adequate antivirus protection;
• inability to use technical support of the software manufacturer;
• lower efficiency of unlicensed applications, which have not been updated for a long time.

Threats are also generated by programmes downloaded from the Internet. Most often, they are completely unverified, and their code may hide malicious software, threatening the security of data collected in the company’s IT system.

As part of the audit carried out in Warsaw, we will comprehensively deal with the security policy. Not only will we check the validity of all licenses, but we will also make sure that the IT system has up-to-date tools installed and that it does not contain programs that are completely unnecessary and that only reduce its performance unnecessarily.

Proper data protection – procedures, documentation, security policy

The strength of a modern company is its systematic operation, repeatability of processes, easy duplication and speed of changes. This cannot be achieved without having appropriate procedures describing the operation of IT systems. As part of creating documentation for ISO Certification, we are able to prepare procedures for Information Systems. It is also worth noting the documentation that every company must have in relation to the Personal Data Protection Act. We can also prepare security procedures. We successfully participate in validation work in pharmaceutical companies in accordance with GMP, GLP, FDA.

Encryption – the auditor will certainly pay attention to the fact whether the collected and processed data are stored on encrypted media. Media which must be encrypted, catalogued and managed include hard drives of portable computers, phones nowadays most often being smartphones, flash drives, USB drives. Certainly, post-audit conclusions will contain information that one should not only stop at encryption, but also at procedures and instructions describing the whole process. It is worth having described processes of recovering access to encrypted data in case of its loss, e.g. after random events concerning employees or IT administrators.

The audit conclusions will also include recommendations to encrypt communication channels between company premises and between a mobile employee and the company system. A VPN should therefore be used. Certainly, it is also necessary to keep records of persons who use these communication channels and the system of procedures according to which these persons are granted access to them.

The auditor will certainly be interested in the way Internet users connect to your website and will certainly include recommendations for encrypting the communication between your website and the user in the conclusions. Especially when an application form is being filled in, e.g. collecting data to prepare an offer or send a newsletter.

Through the years, I have possessed the knowledge how to meet the recommendations of RODO regarding encryption therefore feel free to contact me.

PAWEŁ JASZCZURA – CEO LIZARD