IT Auditing, Compliance & Review
IT auditing, also known as ICT, computer, network or systems auditing, is a professional discipline involving several different techniques for independently reviewing computer and network systems, IT departments, IT-related security controls and an organization’s use of information. Here are some examples of IT audit reviews typically performed by SNT consultants:
Governance & Compliance Controls
Within IT departments and development projects, e.g. management structures, financial planning, management information and reporting, post-implementation reviews, and IT strategy reviews, including the relationship to other business strategies and corporate functions.
IT and Network System Security Controls
For example, reviewing information security controls during the testing phase of systems development, or on operational systems and networks (technical, physical and/or procedural controls; preventive, detective and/or corrective controls).
Post-Incident Reviews
Discover and address the root causes of information security incidents (the auditors’ independence and objectivity are crucial factors here).
Contingency Planning & Disaster Recovery
Including the IT elements of contingency planning and management, focusing on business continuity planning and disaster avoidance through resilience and other controls, using physical security, uninterruptible power supplies, air conditioning, fire/flood protection etc. for the computer suite.
Our policy management and integration services cover the following major areas of compliance, with reviews carried out to ensure policies include all new technologies as they are released:
- ICT Acceptable Use Policy
- ICT Account Management Policy
- ICT Data Retention and Disposal Policy
- ICT Data Encryption Policy
- ICT Email and Internet Use Policy
- ICT Malicious and Unauthorised Software Policy
- ICT Remote and Mobile Working Policy
- ICT Removable Media Policy
- ICT Third Party Access Policy
- ICT Wireless Network Security
- ICT Security Incident Reporting
- ICT Change Management Policy
- ICT Acquisition Development and Management Policy
- ICT Data Security Marking & Data Management Policy
- ICT Communications and Operations Management Policy
- ICT Data and Asset Management Policy
- ICT Data Backup Policy
- ICT Password Management and Use Policy
- ICT Workstation Security Policy
- ICT Vendor Management Policy
- ICT Server Security Policy
- ICT Risk Notification and Management Policy
- ICT Application and Database Security Policy
- ICT System Monitoring Policy
- ICT Mobile Telephony and Smartphone Usage Policy
- ICT Bring Your Own Device Usage and Guidelines Policy
