Case Study :-IT Audit of manufacturing company


Home > Case Study :-IT Audit of manufacturing company

Task TitleIT Audit of manufacturing company
Industry VerticalIManufacturing Mechanical Parts
Industry DetailsFirm manufactures parts and exports
Mission critical infrastructure to connect global offices
Web portal for global inventory and vendor management
Centralized infrastructure
LocationAhmedabad, Pune (India)
Time to solution1 Months

Business situation

The manufacturing firm based out of India and having offices all over the country, approached Valency
Networks for the purpose of performing serious and elaborate IT audit for their IT infrastructure. The sole
purpose behind this mission was to be compliant and be able to apply for important certifications in the
manufacturing industry verticals.

Solution

  • Valency Networks started work via a kickoff meeting with stakeholders and explained the
    importance of IT audit and informed how it is executed.
  • A map of IT infrastructures to be part of the audit, was created and scope was defined in terms of
    what needs to be audited
  • Senior management was informed about the audit dates and execution approaches.
  • First the physical audit was performed to check for person based loopholes, surveillance systems and biometrics etc.
  • Another round of in-person audit visits were performed to check security processes at critical
    points, such as entry into IT datacenters, password schemes. IT staff was interviewed during this
    time to gain knowledge of various processes being followed and not being followed.
  • As a part of audit, social engineering ethical hacking methods were used to try gaining inside
    knowledge about infrastructure and data security.
  • A detailed penetration test was performed to find vulnerabilities in terms of technology
    infrastructure. Vulnerability assessment report was created as an outcome of the test.
  • A detailed audit report mentioning areas that failed with non-compliance, areas which exhibited
    adequate security and process following, and also the areas which were in-tact.
  • Audit report was read in front of the firm’s senior management and IT staff to be on the same
    page and address and remove any disputes or discrepancies.

Benefits

  • Manufacturing firm’s senior management achieved their objective to be in compliance.
  • Value addition was achieved by addressing vulnerabilities found during penetration test and
    acting on those. Best practices to be followed for the given business and technology scenario
    were achieved too.
  • Firm was eventually able to go for their necessary certifications meant for manufacturing sector
    and also achieved awards related to overall safety.