FINAL INTERNAL AUDIT REPORT
|
|
- Ira Oliver
- 8 years ago
- Views:
Transcription
1 FINAL INTERNAL AUDIT REPORT Organisation and Management of Firewalls (IA /F) Steve Allen, Managing Director, Finance Audit Conclusion: Audit Closed 25 February 2015 Issue categories Agreed actions Satisfactorily addressed Partially addressed No longer applicable Not addressed Priority Priority Priority
2 CONTENTS EXECUTIVE SUMMARY... 3 STATUS OF AGREED ACTIONS... 5 APPENDIX 1 DISTRIBUTION LIST... 9 Audit information Version 1 Draft versions issued 1 Draft report issued 18 February 2015 Audit Manager Emilija Antevska Director of Internal Audit Clive Walker Page 2
3 EXECUTIVE SUMMARY Objective The objective of this audit was to provide assurance that the firewall strategies and policies, and related governance arrangements that have been implemented to manage and control TfL firewall architectures, are cost effective, efficient and fit for purpose. Scope The audit focused on the control environment in relation to the following key risk areas: Firewall strategy and associated firewall governance structures; Design of current firewall architectures; Approach and key processes involved in establishing and managing the firewall policies and procedures; Approach in the development, deployment and management of firewall products and services; Approach in defining and managing firewall resilience, capacity and performance management; and Approach in securing defined firewall configurations. Summary of findings Our Interim Internal Audit Report dated 17 June 2014 entitled Organisation and Management of Firewalls outlined that all firewall related service requests for changes to be implemented by Fujitsu should be accompanied by an assessment performed by the IM service delivery and IM security teams to confirm their validity. Fujitsu s service technicians and solution architect then implement the firewall changes within defined business hours following the IM change management process. We identified eight priority 1 issues as follows: The cost-effectiveness of the enhanced firewall service had been undermined by the lack of a defined process to identify, manage and monitor the firewall changes that increase the annual charge paid by TfL to Fujitsu; The roles and responsibilities for IM in-house activities that support the delivery of the enhanced firewall services by Fujitsu had not been defined, assigned and enforced; Page 3
4 Formal IM guidance to cover critical aspects of managing firewalls was not available, including firewall strategy and roadmap, IT architecture and technology standards, firewall security and configuration standards, firewall monitoring, and firewall patch management policy; A complete and accurate record of firewall assets owned by TfL had not been maintained; A structured process to monitor firewall performance and proactively manage network capacity had not been implemented; End-of-life firewalls used for securing critical services had remained in use without plans for their decommissioning and replacement, potentially due to a lack of an agreed standardised end-of-life approach with Fujitsu; Forty percent of Fujitsu users with sensitive access to TfL firewall management consoles had not been security cleared as required by the Agreement; and There were no formal TfL disaster recovery plans that cover the testing of TfL firewalls or their backups to ensure a successful recovery in the event of a disaster. We have completed a follow up and confirmed that management has implemented all the actions agreed in respect of these findings. This audit is now closed. Page 4
5 STATUS OF AGREED ACTIONS Ref Agreed action Owner and due date Status Priority 1 actions 1. Review the firewall change process to ensure it is fit for purpose and implement changes to address the risk noted above. 2. Define a responsibility assignment matrix (RACI) for key stakeholders within IM relating to the management of IM controlled firewalls on the TfL network that includes, amongst others, activities relating to the end-of-life of firewalls. The RACI can then be used by the decision tree outlined in action Produce a firewall policy to include the discussion of lifecycle and firewall decision tree and approve for IM use. 29 August August 2014 Michele Hanson 28 November 2014 The IM Enhanced Firewall Service - Fujitsu work instruction has been reviewed to clearly specify a requirement that Fujitsu informs IM when the threshold for firewall changes is reached and obtains approval from TfL for any additional changes. All firewall changes are reported in Fujitsu s periodic service report. A matrix defining the responsibilities of key IM stakeholders relating to the management of IM controlled firewalls on the TfL network has been defined. A high level policy defining the implementation, operation and management of devices providing network based firewall Page 5
6 Ref Agreed action Owner and due date Status functionality for TfL has been drafted and approved for use by IM management. 4. Under instruction from IM Service Management Fujitsu are to create an inventory of firewall assets and work with Infrastructure Services to populate the CMDB with key configuration information. 5. IM to ensure that a documented process is in place for regular reconciliation of firewall changes within the CMDB. 6. IM to produce firewall specific guidance to dovetail into the Capacity Management process currently being developed by Service Management. 7. Develop a process for proactive management of firewalls to encapsulate: Service provider reporting on the age of firewalls; and Using the firewall decision tree 28 November August November November 2014 An inventory of firewall assets is maintained by Fujitsu and submitted every period to TfL IM Infrastructure Services to populate the CMDB. The process and responsibilities involved in reconciling the changes to TfL firewalls has been documented in a work instruction. The TfL IM Component Capacity Management guidance note specifies the requirement for capacity management of hardware infrastructure components, including firewalls. A TfL Security Review meeting is held between Fujitsu, TfL IM Information Security and TfL IM Service Management every period that covers, among other topics, proactive management of firewalls. Page 6
7 Ref Agreed action Owner and due date Status produced in action 3 to determine the need to replace the firewalls at end-oflife. 8. IM will produce a list of internal and external IM roles they recommend to be security screened or vetted and submit these requirements to HR. 9. The Information Security Gap Analysis proposal will make provision for people specific controls that include the screening of staff, contractors and third parties. This proposal will address a recommended single approach that speaks to the criteria for security clearances across TfL. Recommendations will comply with legal and regulatory requirements, and in accordance with best practice, will be provided to HR in relation to the perceived risks in due course. 10. Review the current IM Services Disaster Recovery arrangements. Complete Michele Hanson 30 September 2014 Rebecca Bissell Complete The Information Security Gap Analysis proposal makes provision for people specific controls that include the screening of staff, contractors and third parties. As above under action 8. The TfL IM Disaster Recovery Strategy was reviewed in April Page 7
8 Ref Agreed action Owner and due date Status 11. Produce a Disaster Recovery Plan Template in line with the DR Strategy, proposed documentation requirements, test & audit plans Neville Hinchliffe Complete A Disaster Recovery Plan Template has been produced in line with the above strategy. Page 8
9 APPENDIX 1 Distribution list This report was sent to Steve Allen, Managing Director, Finance, by Clive Walker, Director of Internal Audit, and copied to: Steve Townsend Trevor Jordan Matthew Griffin Rebecca Bissell Michele Hanson Paul Boulton Neville Hinchliffe Larry Botheras Loretta Donoghue Wayne Fitzgerald Philip Hewson Andrea Fourie Nigel Blore Andrea Clarke Andrew Pollins Howard Carter Robert Brent Chief Information Officer IM Head of IM Projects Delivery IMSS Lead Development Manager IM Head of Business Relationship Management IM Chief Information Security Officer IMSS Lead Development Manager Interim IM Head of Service Management IM Resilience and Business Continuity IM Infrastructure Manager IM Service Design and Assurance Manager IM Senior Quality, Assurance and Risk Analyst Head of Commercial ICT as Key Risk Representative Head of Group Insurance Director of TfL Legal Interim Chief Finance Officer General Counsel KPMG Page 9
Security of Back-up Media and Offsite Storage (IA_12_005) Steve Allen, Managing Director, Finance. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT Security of Back-up Media and Offsite Storage (IA_12_005) Steve Allen, Managing Director, Finance Audit Conclusion: Audit Closed Issue categories Agreed actions Satisfactorily
More informationReview of Controls over Remote Access (IA 12 407/F) Steve Allen, Managing Director, Finance. Audit Conclusion: Audit closed
FINAL INTERNAL AUDIT REPORT Review of Controls over Remote Access (IA 12 407/F) Steve Allen, Managing Director, Finance Audit Conclusion: Audit closed 16 June Issue categories Agreed actions Satisfactorily
More informationFINAL INTERNAL AUDIT REPORT. To: Steve Allen Managing Director, Finance. Project Document Control and Management Systems. (Conclusion: Audit Closed)
FINAL INTERNAL AUDIT REPORT To: Steve Allen Managing Director, Finance Project Document Control and Management Systems (Conclusion: Audit Closed) Ref: 20 September 2013 Fieldwork started 11 July 2013 Fieldwork
More informationImplementation of the Performance Data Warehouse (IA 13_615 /F) Mike Brown, Managing Director, Rail and Underground. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT Implementation of the Performance Data Warehouse (IA 13_615 /F) Mike Brown, Managing Director, Rail and Underground Audit Conclusion: Audit Closed 8 August Issue categories
More informationBusiness Expenses and Purchasing Cards (IA 12 123/F) Steve Allen, Managing Director, Finance. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT Business Expenses and Purchasing Cards (IA 12 123/F) Steve Allen, Managing Director, Finance Audit Conclusion: Audit Closed 17 February 2014 Issue categories Agreed actions
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT Security of Data within Santander Cycle Hire (IA 15 412) Leon Daniels, Managing Director, Surface Transport Audit Conclusion: Well Controlled and Audit Closed 16 July 2015 Number
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT HR Document Management (IA 12 108/F) Tricia Riley, HR Director Audit Conclusion: Audit Closed 9 March 2015 Issue categories Agreed actions Satisfactorily addressed Partially
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT Viewpoint Staff Survey (IA 13 139/F) Tricia Riley, HR Director Vernon Everitt, Managing Director, Customer Experience, Marketing and Communications Audit Conclusion: Audit Closed
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT Accounts Receivable (IA 14 123/F) Steve Allen, Managing Director, Finance Audit Conclusion: Audit Closed 5 August Issue categories Agreed actions Satisfactorily addressed Partially
More informationFINAL INTERNAL AUDIT REPORT. Steve Allen, Managing Director, Finance
FINAL INTERNAL AUDIT REPORT Procure to Pay (IA 13 126/F) Steve Allen, Managing Director, Finance Audit Conclusion: Audit Closed 19 June 2015 Issue categories Agreed actions Satisfactorily addressed Partially
More informationBusiness Continuity Arrangements for Management and Support Activities (IA 12 113/F) EXECUTIVE SUMMARY... 3 STATUS OF AGREED ACTIONS...
FINAL INTERNAL AUDIT REPORT Business Continuity Arrangements for Management and Support Activities (IA 12 113/F) Leon Daniels, Managing Director, Surface Transport Audit Conclusion: Audit Closed 15 May
More informationVoluntary Severance Process (IA 12 107/F) Tricia Riley, Director of Human Resources. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT Voluntary Severance Process (IA 12 107/F) Tricia Riley, Director of Human Resources Audit Conclusion: Audit Closed 5 August 2013 Issue categories Agreed actions Satisfactorily
More informationLondon River Services Security Risk Management (IA 13 013/F) Leon Daniels, Managing Director, Surface Transport. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT London River Services Security Risk Management (IA 13 013/F) Leon Daniels, Managing Director, Surface Transport Audit Conclusion: Audit Closed 25 June 2014 Issue categories
More informationINTERIM INTERNAL AUDIT REPORT
INTERIM INTERNAL AUDIT REPORT Graduate Schemes (IA 14 137) Tricia Riley, HR Director Audit Conclusion: Well Controlled and Audit Closed 31 July 2015 TfL RESTRICTED CONTENTS EXECUTIVE SUMMARY... 3 APPENDIX
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT IT Change Control Processes in Customer Experience (IA 15 431/F) Vernon Everitt, Managing Director, Customer Experience, Marketing and Communications Audit Conclusion: Well
More informationManagement of NEC3 Compensation Events (IA 12 521) Andrew Wolstenholme, Chief Executive. Audit Conclusion: Adequately Controlled and Audit Closed
FINAL INTERNAL AUDIT REPORT Management of NEC3 Compensation Events (IA 12 521) Andrew Wolstenholme, Chief Executive Audit Conclusion: Adequately Controlled and Audit Closed 02 December 2013 Number of issues
More informationFINAL INTERNAL AUDIT REPORT
FINAL INTERNAL AUDIT REPORT Management of the new Taxi and Private Hire (TPH) contract (IA 14 616/F) Leon Daniels, Managing Director, Surface Transport Audit Conclusion: Audit Closed 5 February 2016 Issue
More informationTransport for London. Minutes of the Audit and Assurance Committee
Transport for London Minutes of the Audit and Assurance Committee Conference Rooms 1 and 2, Ground Floor, Palestra, 197 Blackfriars Road, London, SE1 8NJ 10.00am, Tuesday 8 December 2015 s Keith Williams
More informationMarket Conditions and Costs (IA 13 513F) Andrew Wolstenholme, Chief Executive. Audit Conclusion: Well Controlled and Audit Closed
FINAL INTERNAL AUDIT REPORT Market Conditions and Costs (IA 13 513F) Andrew Wolstenholme, Chief Executive Audit Conclusion: Well Controlled and Audit Closed 22 January 2014 Number of issues Priority 1
More informationAgency Temporary Worker Processes (IA 12 140/F v1) Tricia Riley, HR Director. Audit Conclusion: Audit Closed
FINAL INTERNAL AUDIT REPORT Agency Temporary Worker Processes (IA 12 140/F v1) Tricia Riley, HR Director Audit Conclusion: Audit Closed 23 October 2014 Issue categories Agreed actions Satisfactorily addressed
More informationFinancial Controls over Payments to Contractors on Major Projects (IA 12 119 F) Leon Daniels, Managing Director, Surface Transport
FINAL INTERNAL AUDIT REPORT Financial Controls over Payments to Contractors on Major Projects (IA 12 119 F) Leon Daniels, Managing Director, Surface Transport Audit Conclusion: Audit Closed 28 June 2013
More informationCode of Practice for Cyber Security in the Built Environment
Brochure More information from http://www.researchandmarkets.com/reports/3085299/ Code of Practice for Cyber Security in the Built Environment Description: This code of practice explains why and how cyber
More information3.5 The findings from the review will be reported to the next meeting of the Audit and Assurance Committee.
Audit and Assurance Committee Date: 15 June 2012 Item 11: KPMG Review of Internal Audit Effectiveness This paper will be considered in public 1 Summary 1.1 The purpose of this paper is to present to the
More information5 CMDB GOOD PRACTICES
5 CMDB GOOD PRACTICES - Preparing for Service Asset and Configuration Management Wade Palmer, Director of IT Services ii TABLE OF CONTENTS INTRODUCTION... 1 1. KEY CMDB ELEMENTS... 1 2. IT CHANGE MANAGEMENT
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationCisco Unified Communications Predeployment, Deployment, and Postdeployment Service Bundle
Cisco Unified Communications Predeployment, Deployment, and Postdeployment Service Bundle Successfully deploy a secure, resilient Cisco Unified Communications solution, accelerating business advantage.
More information1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects
1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects b) The path to Service Delivery and Service Support for efficient and effective
More informationISEB MANAGER S CERTIFICATE IN ITIL INFRASTRUCTURE MANAGEMENT. Guidelines for candidates who are taking the ICT Infrastructure Examination
ISEB MANAGER S CERTIFICATE IN ITIL INFRASTRUCTURE MANAGEMENT Guidelines for candidates who are taking the ICT Infrastructure Examination This qualification is based on ITIL Infrastructure Management as
More informationN e t w o r k E n g i n e e r Position Description
Position Title: Group/Division/Team Network Engineer Business Technology Services / IT Operations Division Date October 2011 Reports to Roles Reporting to This Primary Objective Decision Making Authority
More informationAppendix A-2 Generic Job Titles for respective categories
Appendix A-2 for respective categories A2.1 Job Category Software Engineering/Software Development Competency Level Master 1. Participate in the strategic management of software development. 2. Provide
More informationMapping the Technical Dependencies of Information Assets
Mapping the Technical Dependencies of Information Assets This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More informationFirewall Administration and Management
Firewall Administration and Management Preventing unauthorised access and costly breaches G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Protects Systems and data... 2 Optimise firewall
More informationPosition Description For ICT Support Officer Information, Technology and Communication Department Hobart
Position Description For ICT Support Officer Information, Technology and Communication Department Hobart Programme: ICT Services Location: Based in Hobart with travel within Tasmania Reports To: ICT Manager
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationMigrating to the Cloud. Developing the right Cloud strategy and minimising migration risk with Logicalis Cloud Services
Migrating to the Cloud Developing the right Cloud strategy and minimising migration risk with Logicalis Cloud Services Organisations are looking for new ways to deliver IT services and demanding that ICT
More informationService Asset & Configuration Management PinkVERIFY
-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to
More informationDRAFT Disaster Recovery Policy Template
DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...
More informationFree ITIL v.3. Foundation. Exam Sample Paper 1. You have 1 hour to complete all 40 Questions. You must get 26 or more correct to pass
Free ITIL v.3. Foundation Exam Sample Paper 1 You have 1 hour to complete all 40 Questions You must get 26 or more correct to pass Compliments of Advance ITSM www.advanceitsm.com 1. What is the main reason
More informationFINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
More informationFISCAL PLAN RESPONSE TO THE AUDITOR GENERAL
Government FISCAL PLAN RESPONSE TO THE AUDITOR GENERAL OCTOBER 2015 127 TABLE OF CONTENTS RESPONSE TO THE AUDITOR GENERAL October 2015.... 129 128 RESPONSE TO THE AUDITOR GENERAL FISCAL PLAN 2016 19 RESPONSE
More informationJune 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers
John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information
More informationCloud Security checklist Are you really ready for Cloud
checklist Are you really ready for Cloud Introduction Once you have assessed the benefits of migrating a business system or its function to the Cloud (See our White Book of Cloud Adoption), the next step
More informationNOT PROTECTIVELY MARKED. A087 Version 1.0
POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Vulnerability & Patch Management POLICY REFERENCE NUMBER A087 Version 1.0 POLICY OWNERSHIP DIRECTORATE
More informationTransition Guidelines: Managing legacy data and information. November 2013 v.1.0
Transition Guidelines: Managing legacy data and information November 2013 v.1.0 Document Control Document history Date Version No. Description Author October 2013 November 2013 0.1 Draft Department of
More information3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;
Enterprise Content Management (ECM) Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for enterprise content management across Redland City Council (RCC). This document
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationUniversity of Central Florida Class Specification Administrative and Professional. Information Security Officer
Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team
More informationDublin City University
Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset
More informationREQUEST FOR MAYORAL DECISION MD405. Title: Disaster Recovery Services
REQUEST FOR MAYORAL DECISION MD405 Title: Disaster Recovery Services Executive Summary: In May 2006, the GLA entered into an agreement with a recovery partner to offer immediate replacement IT equipment
More informationICT OPERATING SYSTEM SECURITY CONTROLS POLICY
ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationCONTENTS. List of Tables List of Figures
Prelims 13/3/06 9:11 pm Page iii CONTENTS List of Tables List of Figures ix xi 1 Introduction 1 1.1 The Need for Guidance on ERP System Validation 1 1.2 The Need to Validate ERP Systems 3 1.3 The ERP Implementation
More informationITIL V3 Foundation Certification - Sample Exam 1
ITIL V3 Foundation Certification - Sample Exam 1 The new version of ITIL (Information Technology Infrastructure Library) was launched in June 2007. ITIL V3 primarily describes the Service Lifecycle of
More informationRUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology
RUTGERS POLICY Section: 70.2.18 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Server Life Cycle Management Formerly Book: 95-01-11-01:01 Approval Authority: Vice
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationEXPLORING THE CAVERN OF DATA GOVERNANCE
EXPLORING THE CAVERN OF DATA GOVERNANCE AUGUST 2013 Darren Dadley Business Intelligence, Program Director Planning and Information Office SIBI Overview SIBI Program Methodology 2 Definitions: & Governance
More informationMaximize potential with services Efficient managed reconciliation service
RECONCILIATION IntelliMatch Operational Control services Optimize. PRODUCT SHEET Maximize potential with services Efficient managed reconciliation service Overview At its best, technology provides financial
More informationAppendix D : Pricing Schedule
THE BITS GROUP, BITS INC. Contract # Page 1 Appendix D : Pricing Schedule Agreement between the New York State Office of General Services and for Project Based Information Technology Consulting Services
More informationSUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS
REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet
More informationICT and Information Security Resources
Methods GCloud Service Definition ICT and Information Security Resources HEAD OFFICE: 125 Shaftesbury Avenue, London WC2H 8AD Scottish Office: Exchange Place 2, 5 Semple Street, Edinburgh, EH3 8BL t: +44
More informationDatacenter Migration Think, Plan, Execute
Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With
More information6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)
www.peaklearningllc.com 6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days) Introduction This three-day instructor-led course teaches students how to implement and manage Windows Server
More informationDepartment of Public Utilities Customer Information System (BANNER)
REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationFujitsu Private Cloud Customer Service Description
Fujitsu Private Cloud Customer Service Description Fujitsu Private Cloud forms part of Fujitsu Hybrid IT portfolio to address the full range of Customers requirements and business needs by providing agility
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationJOB DESCRIPTION CONTRACTUAL POSITION
Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical
More informationRoles & Grades Rate Cards and Applicable SFIA Skills
Roles & s Rate Cards and Applicable Consultant Day Rate Card Consultant Day Rate Lead 900.00 Senior 800.00 Junior 0.00 CLAS Consultant and Competencies Lead CLAS Consultant Lead CLAS Consultant IT Governance
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationHP Customer Support. Remote Server Management. an Outtasking Solution Outline
HP Customer Support Remote Server Management an Outtasking Solution Outline Andreas Meinert Support Solution Architect DataCenter Solution Services, HP Germany 2004 Hewlett-Packard Development Company,
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationM6422A Implementing and Managing Windows Server 2008 Hyper-V
M6422A Implementing and Managing Windows Server 2008 Hyper-V Looking at Training Differently... Course 6422A: Implementing and Managing Windows Server 2008 Hyper-V Length: Published: Language(s): Audience(s):
More informationANNEXURE A. Service Categories and Descriptions 1. IT Management
Service Categories and Descriptions 1. IT Management The ICT Management Services portfolio consists of services traditionally related to the technical or functional governance of an ICT domain, but with
More informationDEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE
DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE 1 Introduction and Instructions This sample Statement
More informationE2E Project Management Process Governance (Electric Capital)
Attachment AG-1-8-10 Page 1 of 10 E2E Project Management Process Governance (Electric Capital) Report No. 1332 Final Distribution Final Report Audit Team: Report Grading: Number of Findings: Date of issue
More informationITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition
Take your ITIL skills to the next level ITIL Lifecycle ITIL Intermediate: Part of the complete ITIL Education Program Advance your career Add value to your organisation Gain credits towards ITIL Expert
More informationScope The data management framework must support industry best practice processes and provide as a minimum the following functional capability:
Data Management Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for data management across Redland City Council (RCC). This document will provide direction and
More informationTHE WALTER AND ELIZA HALL INSTITUTE OF MEDICAL RESEARCH POSITION DESCRIPTION
THE WALTER AND ELIZA HALL INSTITUTE OF MEDICAL RESEARCH POSITION DESCRIPTION POSITION TITLE: Head, Information Technology Services DIVISION / DEPARTMENT: Information Technology Services DATE: 2 June 2009
More informationService description RFL Virtual Data Centre
Service description RFL Virtual Data Centre IaaS G-Cloud 6 1 Contents Overview... 3 Highlights... 3 Description... 3 Use cases... 3 Use cases... 5 Use cases... 5 Pricing... 5 Information assurance... 5
More informationITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting
ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting Date November 2011 Company UXC Consulting Version Version 1.5 Contact info@uxcconsulting.com.au http://www.uxcconsulting.com.au This summary
More informationSCHEDULE 8 Generalist Project Services Framework 2015
SCHEDULE 8 Generalist Project Services Framework 2015 Nominal Insurer And Schedule 8 (Project Services Framework) Page: 1 of 6 Schedule 8 Generalist Project Services Framework Contents Overview... 3 1.
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationMicrosoft Windows Server 2008: MS-6422 Implementing and Managing Hyper V Virtualization 6422
coursemonster.com/us Microsoft Windows Server 2008: MS-6422 Implementing and Managing Hyper V Virtualization 6422 View training dates» Overview This three day instructor led course teaches students how
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationFront Metrics Technologies Pvt. Ltd. Capacity Management Policy, Process & Procedures Document
Pvt. Ltd. Capacity Management Policy, Process & Procedures Document Client: Pvt. Ltd. Date : 03/04/2011 Version : 0.6 GENERAL Description Purpose Applicable to Supersedes This document establishes a Capacity
More informationPosition Description
Position Description Position Title: Group/Division/Team: WebCenter / UCM Technical Support Business Technology Services Group / IT Operations Division Date: December 2011 Reports To: Roles Reporting To
More informationJob Description. Job Title: Network Services Manager. Department: INFORMATION TECHNOLOGY MAIN PURPOSE OF JOB: MAIN DUTIES AND RESPONSIBILITIES:
Job Description Job Title: Network Services Manager Department: INFORMATION TECHNOLOGY Responsible to: ICT/IS Manager Number of people directly managed: No direct permanent HHL reports: - Supervision of
More informationNORTHERN IRELAND FIRE & RESCUE SERVICE JOB DESCRIPTION
MAIN PURPOSE OF JOB NORTHERN IRELAND FIRE & RESCUE SERVICE JOB DESCRIPTION IT PROJECT AND SECURITY MANAGER (GRADE PO2) INFORMATION TECHNOLOGY DEPARTMENT JOB REF: N45/11/06 SALARY: 27,492.00 TO 29,859.00
More informationIT Services Management Service Brief
IT Services Management Service Brief Service Continuity (Disaster Recovery Planning) Prepared by: Rick Leopoldi May 25, 2002 Copyright 2002. All rights reserved. Duplication of this document or extraction
More informationOptimizing the Data Center for Today s Federal Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,
More informationImplementing and Managing Windows Server 2008 Hyper-V
Course 6422A: Implementing and Managing Windows Server 2008 Hyper-V Length: 3 Days Language(s): English Audience(s): IT Professionals Level: 300 Technology: Windows Server 2008 Type: Course Delivery Method:
More informationInformation Security Management System (ISMS) Policy
Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from
More informationBridged Apps: specialise in the deployment of many well known apps, as well as building customer made apps, websites, and SEO.
Bridging The Gap Bridged Group is the Strategic partner of The Telstra Business Centre and Telstra Store. We are a Telstra Preferred Cloud Partner with over 35 years of experience between our senior staff
More informationMaster Data Management Enterprise Architecture IT Strategy and Governance
? Master Data Management Enterprise Architecture IT Strategy and Governance Intertwining three strategic fields of Information Technology, We help you Get the best out of IT Master Data Management MDM
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationOptimizing the Data Center for Today s State & Local Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S STATE...... &.. LOCAL...... GOVERNMENT.......................... Optimizing the Data Center for Today s State & Local Government Who should read this
More informationR Scott Murchison CRM
R Scott Murchison CRM SVP Information Governance Service Kaizen InfoSource LLC Information Management s Impacts on Litigation and ediscovery Relationship of IM and Litigation Role of Information Manager
More information28400 POLICY IT SECURITY MANAGEMENT
Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More information