Case Study :-IT Audit of manufacturing company
IT Audit of manufacturing company
||Manufacturing Mechanical Parts
||Firm manufactures parts and exports
Mission critical infrastructure to connect global offices
Web portal for global inventory and vendor management
||Ahmedabad, Pune (India)
|Time to solution
The manufacturing firm based out of India and having offices all over the country, approached Valency Networks for the purpose of performing serious and elaborate IT audit for their IT infrastructure. The sole purpose behind this mission was to be compliant and be able to apply for important certifications in the manufacturing industry verticals.
- Valency Networks started work via a kickoff meeting with stakeholders and explained the
importance of IT audit and informed how it is executed.
- A map of IT infrastructures to be part of the audit, was created and scope was defined in terms of
what needs to be audited
- Senior management was informed about the audit dates and execution approaches.
- First the physical audit was performed to check for person based loopholes, surveillance systems and biometrics etc.
- Another round of in-person audit visits were performed to check security processes at critical
points, such as entry into IT datacenters, password schemes. IT staff was interviewed during this
time to gain knowledge of various processes being followed and not being followed.
- As a part of audit, social engineering ethical hacking methods were used to try gaining inside
knowledge about infrastructure and data security.
- A detailed penetration test was performed to find vulnerabilities in terms of technology
infrastructure. Vulnerability assessment report was created as an outcome of the test.
- A detailed audit report mentioning areas that failed with non-compliance, areas which exhibited
adequate security and process following, and also the areas which were in-tact.
- Audit report was read in front of the firm’s senior management and IT staff to be on the same
page and address and remove any disputes or discrepancies.
- Manufacturing firm’s senior management achieved their objective to be in compliance.
- Value addition was achieved by addressing vulnerabilities found during penetration test and
acting on those. Best practices to be followed for the given business and technology scenario
were achieved too.
- Firm was eventually able to go for their necessary certifications meant for manufacturing sector
and also achieved awards related to overall safety