Our IT audits are based on 2 main IT Auditing standards, CISA from ISACA (Information Systems audit and Control Association) and ISO 27001. These standards are globally recognised and lay down very exact rules for conducting a thorough IT audit.
Whilst the audited takes a lead from these respected standards they are to detailed for an initial quick audit but are employed full force if more thorough IT audits are requested or needed.
In our typical IT audit we examine the following main areas of a companies IT:
o Backups (It is crucial for an organisation to have up to date backups, ideally kept off site)
o Networks (This includes looking at both the internal network speed and also the connection to the outside world i.e internet. It also includes ensuring that there is sufficient firewalls in place to protect against malicious attacks)
o OS Versions (To make sure that all computers and servers are patched up to the latest secure versions)
o IT Training (This mostly looks at how confident the users are with using the computers but can also include a review of the competence of the IT staff)
o Storage (To ensure that there is sufficient storage available, this is in area where significant cost savings can be achieved).
o Anti Virus and Security (This checks that there are proper anti virus programmes installed and that they are up to date and also that there are no other security vulnerabilities, like for example easily hackable passwords)
These are the main areas which are initially audited but it is of course tailored to each individual customer to match their requirements.
Based on the results of the IT audit TorTek may be able to assist the company with improving their IT systems or at least consult further on what is needed.