P R O M O T I O N
LSB DATA - we feel IT
technologie internetowe oprogramowanie usługi audyty IT bezpieczeństwo infrastruktura szkolenia IT

new security solutions



our partners

IT audits

A well performed IT audit allows for early detection of possible risks and lets avoid them or reduce their effects to the minimum. It also helps to define IT requirements resulting from company operations, subsequently reducing costs of purchases related to IT infrastructure.

Audit? What is that?

Even the most experienced businessmen seem to dislike the word “audit”. Irrespective of its form, such procedure always means that an external company will gain access to the key resources of an organisation. However, an IT audit does not mean fines or charges, but results in early detection of risks and reduction of their negative consequences, by analysing the issues of confidentiality, availability and integrity of information owned by a company. The lack of such data can result in severe losses resulting both from a system failure and from a loss or theft of confidential information. An IT safety audit is precisely the tool used to estimate the efficiency of security policy of a particular IT system. Auditors use their knowledge of company operations to determine which assets should be covered by an audit.

Does it concern me?

It is important to perceive an audit not as an abstraction, far away from daily realities of work, but an integral part of the strategic process of developing and maintaining an effective safety policy. It is not a formal, once-off operation focused only on top management positions, but it embraces every structural unit in the organisation which uses a minute part of corporate IT infrastructure. Considering the variety of configuration settings and information resources in databases, one can doubt whether it is possible to obtain reliable safety registers. However, safety audits are a tool which can adequately size up the actual risk.
Safety auditors base their work on a series of individual interviews with employees, on the results of so-called penetration tests which show the vulnerability to attacks, an in-depth analysis of system settings/configuration, an analysis of Internet resources and archive data. In the first place, they take into account the safety policy, which constitutes the foundation of any effective protection, and review its implementation. The concept of organisation safety policy refers to making correct use of users' accounts and corporate data stored in the system.

When do I need it?

An audit may be related to specific processes under way in the company, including:

  • designing an IT system, including hardware and software,
  • implementation of an IT system,
  • restructuring of business processes involving IT tools,
  • an audit of software and introduction of licence management policy.

Why us?

Our company being an expert in safety systems offers the following services:

  • Evaluation of current safety level,
  • Identification of possible threats,
  • Selection of optimal protective measures,
  • Installation and implementation of suggested solutions,
  • Supervision of protection systems in use.

Our certified experts, authorised to perform any activities aimed at providing the highest degree of electronic data safety are ready to contact you to evaluate and analyse your current protection level and to develop recommendations for improving it.

What are benefits of an audit?

Herewith some frequently asked questions which can be answered in the result of performing an audit:

  • Are your password requirements defined properly? Are the current passwords easy to crack? Do they have expiry dates?
  • What is the status of documentation of changes in configuration and access passwords? Who is supervising them and in what manner?
  • Is the register of access to data up to date and is it supervised by competent persons?
  • Do you use a variety of protective mechanisms? Do they meet main guidelines of your safety policy? Do you have any encryption tools? For what reasons were they selected?
  • Do you remove redundant application from system resources? Are the remaining ones adjusted to your current requirements?
  • How do you store backup copies? Who has access to them? How often do you update them?
  • Do you have an emergency plan in case of risk? Would the persons involved be able to act adequately?