{"id":3707,"date":"2021-03-14T17:45:31","date_gmt":"2021-03-14T21:45:31","guid":{"rendered":"https:\/\/iesmartsystems.com\/?p=3707"},"modified":"2021-03-14T17:45:31","modified_gmt":"2021-03-14T21:45:31","slug":"technology-audit","status":"publish","type":"post","link":"https:\/\/iesmartsystems.com\/technology-audit\/","title":{"rendered":"Guide To Performing A Technology Audit"},"content":{"rendered":"
Technology seems to wash over the world in waves, with each new deluge erasing the one that came before \u2014 or so it seems. For businesses, this pattern leaves layers of outdated equipment, unpatched software, and unseen vulnerabilities. In the world of software development, this dynamic appears in the form of cruft and technical debt, also known as \u201cthe code we\u2019ll get around to cleaning\/fixing later.\u201d Every organization deals with these conditions at some level and measuring the severity is important for two reasons: first, to take stock of your organization\u2019s technological \u201chealth\u201d and second, to form a plan for getting healthier. Enter the technology audit, which is a lot like a yearly physical exam from your doctor, but instead of looking at biomarkers, you\u2019re looking at how well electricity and data flow through your business.<\/span><\/p>\n<\/div> A technology audit is a methodical way to catalog all of the equipment and software systems that your business uses or stores. At the absolute bare minimum, you should come away with a detailed inventory list. A thorough audit should also include details such as:\u00a0<\/span><\/p>\n<\/div> Current operational status<\/span><\/p>\n<\/div><\/li> Expected serviceable life<\/span><\/p>\n<\/div><\/li> Dependencies<\/span><\/p>\n<\/div><\/li> Asset value<\/span><\/p>\n<\/div><\/li> Need for redundancy and redundancy status<\/span><\/p>\n<\/div><\/li> Access controls (credentials, keys, passcodes, etc.)<\/span><\/p>\n<\/div><\/li> Infrastructures such as power, data networks, and disaster readiness<\/span><\/p>\n<\/div><\/li><\/ul> Put another way, an information technology audit is an attempt to document your organization\u2019s technology capacity and needs, including regulatory compliance, security, and data backups. 
It also helps you ensure that your IT department has the tools and equipment they need to succeed.<\/span><\/p>\n<\/div> The audit process is an opportunity to identify unnecessary equipment, unused software, and operational risk from systems that may need repair or aren\u2019t properly backed up. Even if your IT department is running smoothly, a regular technology audit will help you establish a robust disaster recovery plan, a business continuity plan, as well as accurate budgeting for equipment and software. Imagine that you have thousands of dollars worth of unused equipment that could be sold, or written off due to obsolescence, sitting in a closet or warehouse; or maybe you discover that you\u2019re still paying for an expensive software subscription that no one uses, or that is functionally redundant (in a bad way) \u2014 a technology audit helps you discover and address these kinds of issues.<\/span><\/p>\n<\/div> For most businesses, the reason they haven\u2019t performed a technology audit isn\u2019t laziness or lack of desire; it just feels like it distracts from the work of running the business. Your team is busy and performing an audit probably sounds slightly more exciting than watching paint dry. One solution is to scope out the project and break it into weekly sprints and tasks that your team can tackle piece by piece. Since your IT team is going to perform the audit, you need to set healthy expectations and objectives. Don\u2019t think of a technology audit as an optional project; agree to make it a regular part of your business operation.\u00a0<\/span><\/p>\n Here\u2019s an example of just how essential a technology audit can be: in early 2020 when the states began locking down in response to the coronavirus pandemic, many banks and credit unions were totally unprepared. Either their disaster recovery and business continuity plans didn\u2019t include employees working from home, or they hadn\u2019t revisited the plan and everything was outdated. 
A thorough technology audit would have revealed this vulnerability and perhaps eased the pain of moving to support customers in a remote environment.<\/span><\/p>\n<\/div> The purpose of an audit isn\u2019t box-checking and report-writing, it\u2019s to examine the technology systems of your organization from multiple angles so you can fix what\u2019s broken and prepare for the unexpected. Here are a few major issues that could torpedo your information technology audit.<\/span><\/p>\n You should customize this template for your business and empower your audit team to look for unlisted vulnerabilities as well as opportunities for better security, lower equipment costs, and greater resiliency.<\/span><\/p>\n<\/div> Current operational status<\/span><\/p>\n<\/div><\/li> Expected serviceable life<\/span><\/p>\n<\/div><\/li> Manufacturer\/Developer warranty and support<\/span><\/p>\n<\/div><\/li> Dependencies<\/span><\/p>\n<\/div><\/li> Asset value<\/span><\/p>\n<\/div><\/li> Need for redundancy and redundancy status<\/span><\/p>\n<\/div><\/li> Access controls (credentials, keys, passcodes, etc.)<\/span><\/p>\n<\/div><\/li><\/ul> Up-to-date policy and procedure documentation<\/span><\/p>\n<\/div><\/li> Penetration testing of systems that handle sensitive data<\/span><\/p>\n<\/div><\/li> Penetration testing of firewall and intrusion prevention measures<\/span><\/p>\n<\/div><\/li> Discrete storage for sensitive data<\/span><\/p>\n<\/div><\/li> Wireless network integrity<\/span><\/p>\n<\/div><\/li> Check for unauthorized access points<\/span><\/p>\n<\/div><\/li> Access controls<\/span><\/p>\n<\/div><\/li><\/ul> EU’s General Data Protection Regulation (GDPR)<\/span><\/p>\n<\/div><\/li> California Consumer Privacy Act (CCPA)<\/span><\/p>\n<\/div><\/li> Health Insurance Portability and Accountability Act of 1996 (HIPAA)<\/span><\/p>\n<\/div><\/li> Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)<\/span><\/p>\n<\/div><\/li> Sarbanes-Oxley Act of 
2002 (SOX)<\/span><\/p>\n<\/div><\/li> Payment Card Industry Data Security Standard (PCI DSS)<\/span><\/p>\n<\/div><\/li> Any other specific regulations that govern your business or industry<\/span><\/p>\n<\/div><\/li><\/ul> Most recent test of backup system<\/span><\/p>\n<\/div><\/li>What Is A Technology Audit?<\/span><\/h2><\/div>
The Value Of A Technology Audit Can Be Huge<\/span><\/h2><\/div>
Performing A Technology Audit Isn\u2019t For Everyone<\/span><\/h2><\/div>
Avoid These Common Mistakes<\/span><\/h2><\/div>
\n
Technology Audit Checklist Template<\/span><\/h2><\/div>
Hardware and Software<\/span><\/h3><\/div>
Security Systems<\/span><\/h3><\/div>
Regulatory Compliance (where applicable)<\/span><\/h3><\/div>
Data Integrity<\/span><\/h3><\/div>