IT Security Audits
Our IT Security Audits (sometimes called IT or Health Checks) provide an independent 3rd party review by an IT expert
The Breathe Technology IT Network Security Audit Service provides an evaluation of your network focusing on elements such as Topology, Security, Reliability, Disaster Recovery, Licensing and running cost.
An IT Security Audit performed by a qualified third party can capture information that in-house staff do not have the time, resource, experience or equipment to check. We are unbiased and have a strong understanding of how to design, build and support networks.
If you are already outsourcing your IT and question the current status of your network, it may be the ideal opportunity to get an unbiased view. We can assist with short term goals such as consolidation, security or reducing cost. We are also able to assist with longer term goals while providing a more strategic perspective.
Why do an IT Security Audit?
- If you are unsure if your firewall is configured correctly, e.g. firewalls, backup, system updates..
- If you have Office 365 but are unsure if your firewall has a separate filter.
- If you have doubts about how your IT is being supported.
- If your network is not performing or has become unreliable.
- If you have had a security breach, however minor.
- If you allow staff to use their own devices for business.
- If you allow staff to work from home or remotely.
- If you are considering significant changes or a rebuild of your network.
- If you are planning expansion/relocation/additional site
- Or if you have grown in recent months/years without a supporting IT strategy (e.g simply adding hardware/software as needed).
These are just some of the reasons you would benefit from a Network Security Audit. There are many more. It is now essential to put IT at the forefront of business planning, and a Network Security Audit is the first step
We also offer network penetration testing services
IT Security Audit Process
During the process, we will evaluate all relevant components of your network, highlighting areas that work well, areas of concern and provide recommendations in simple to understand language, with full technical back up information.
As part of the Audit, we will produce a summary document, which will become a valuable ‘To do’ list, and for many of our customers becomes part of an ongoing IT development plan.
Breathe Auditors follow the industry best practice and principles from ISACA as a globally recognized certification and industry authority for IS audit control, assurance and professional security processes.
Being ISACA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to assess vulnerabilities, report on compliance and institute controls within the enterprise.
What does the audit include?
- LAN Topology (Current and the ideal scenario)
- Internet Connectivity and Hosting
- The infrastructure (On-Premise & Cloud) & Configuration
- Hardware ages and warranties
- Server Infrastructure
- Storage Infrastructure
- Virtualisation, cloud and physical servers
- Domain and active directory services
- Operating Systems and related Software
General Desktop Environment
- End user devices
- Staff awareness and general IT experience
- Specific issues that can be rectified to improve staff confidence
Security and Data Protection
- WAN / Public Facing Services
- Firewalls and other appliances
- Anti-Virus and other Malware Protection
- Encryption of portable devices and storage
- Operating System updates
- Backup, Disaster recovery and Business Continuity
- Strategic Objectives of the organisation and IT Alignment
- Internal Team or Outsourcing Organisation
- ISO or other requirements
- General Management of IT
When is an audit needed?
Most of our customers tend to do an audit preceding another important event. These typically include:
- Changing of IT Service Providers. It ensures you understand the state of play and get all your information before moving to a new provider.
- Before embarking on larger projects that result in significant infrastructure / topology changes such as VDI Implementation, Backup and DR, A Network Rebuild, Server or Networking Refresh
- Changing of the organisations management team. The new manager needs to get a handle on things and understand exactly what is in place
- ISO Certifications such as ISO4001, ISO27001 or ISO27002
- Requirement place on you by your customers
- When there are technical issues or doubts regarding the IT such as performance, liability, security, business continuity or licensing as examples.