Audits and inspections of your IT infrastructure

Workplaces and equipment:

• cable systems,
• uninterruptible power supplies,
• office equipment,
• servers.

Software:

• availability of licenses
• rights to use
• compliance of installed programs.

Channels of communication:

• data channels,
• telephony,
• corporate email.

Information Security:

• antivirus protection,
• antispam,
• network settings,
• storage systems, etc.

Even if your company has a system administrator in the staff, he can’t himself provide an independent audit, he will encounter a number of problems. A large amount of work cannot be combined with his current duties.

Possible problems are:

• lack of qualified staff;
• lack of understanding the need of an audit by the company’s management;
• incomplete documentation of hardware and software;
• the need to establish a complete list of passwords;
• problems of cooperation with remote offices.

Separately it can be indicated the disinterest of the full-time system administrator to show the true state of affairs. In this case, it is necessary to entrust the audit to a specialized company interested in providing objective information. Outsourcing companies have a staff capable of providing a quick audit and offering a turnkey solution.

During the audit of the IT infrastructure’s hardware, the following rules must be adhered:

• equipment audit should be carried out according to selected categories — servers, peripherals, passive or active network equipment, power supplies, auxiliary equipment;
• independent drawing up of SCS schemes, existing ones may contain errors;
• assessment of the equipment state, data on the service lifetime must be clarified in the accounting department;
• analysis of equipment compliance with the tasks;
• assessment of the capacity of servers, that is necessary for making a decision on their modernization, replacement or merging;
• server virtualization, which help to avoid the purchase of new equipment;
• participation of system aggregators in the process of organizing budgetary communication with branches.

All changes made as a result of the audit (tested schemas, data, passwords, configurations) must be documented.

The IT infrastructure audit report includes the following sections:

1. table of contents;
2. office layout with the designation of separate spaces;
3. local network diagram, topology;
4. list of active network equipment;
5. passive components of the local network;
6. external services;
7. workplaces, including planned and vacant ones;
8. equipment and software used by staff at the workplaces;
9. periphery equipment;
10. identified problems, ways to eliminate them;
11. network administrator’s note;
12. measures to improve the work of the company’s IT-sphere;
13. comments.

One of the main results of the audit is specific recommendations for improving the efficiency of the IT infrastructure and enhancing security.