WPT Audit of Existing IT Environment

WPT Audit of existing IT environment

Contents

1. Introduction 2

2. Purpose 2

3. Scope 2

5. Current computer users 5

6. Data storage and access 6

7. Computer use and practice 6

8. User and manager interviews 7

9. Conclusion and recommendations 8

1. Introduction

Wizard Publishing and Training has a growing dependency on its information systems, data, and information processing capabilities. Organisational management has determined that a review of the current IT environment and IT usage practices is required.

For the purposes of this policy the following definitions are assumed:

·  Data — this is any information stored on electronic media or sourced through network connections

·  Information — in most cases interchangeable with data but also includes reports generated from Wizard Publishing and Training systems

·  Information systems — this includes all hardware, software, applications, source code, network equipment and communications equipment.

2. Purpose

This document provides Wizard Publishing and Training with an audit of its IT environment and current IT practices. This information will be used to formulate changes to the current IT environment and practices to enhance business operations and plan for future business growth.

3. Scope

This document applies to all of the single Wizard Publishing and Training metropolitan site and all current employees, staff and contractors with access to information systems. Information within this document is accurate up until 30/11/2008.

Computer equipment asset list

Table 1 lists all known computer equipment.

Table 1: Computer equipment (WPT)

Asset no / Serial no / Description / Location / CPU / Memory / Disk / Operating system /
CE00003 / Computer wkstn / Manager office 1 / PIII 550Mhz / 256MB / 20GB / windows 2000 pro
CE00004 / Computer wkstn / Manager office 2 / PIII 550Mhz / 256MB / 40GB / windows XP
CE00005 / Computer wkstn / Manager office 3 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00006 / Computer wkstn / HR office 1 / PIII 550Mhz / 256MB / 20GB / windows XP pro
CE00007 / Computer wkstn / HR office 1 / PIII 550Mhz / 256MB / 10GB / windows XP pro
CE00008 / Computer wkstn / HR office 2 / PIII 550Mhz / 256MB / 10GB / windows XP pro
CE00009 / Computer wkstn / Finance Office 1 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00010 / Computer wkstn / Finance Office 1 / PIII
400Mhz / 128MB / 10GB / windows 98
CE00011 / Computer wkstn / IT Office / PIII 550Mhz / 256MB / 10GB / windows XP pro
CE00012 / Computer wkstn / Sales office 1 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00013 / Computer wkstn / Sales office 2 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00014 / Computer wkstn / Sales office 2 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00015 / Computer wkstn / Marketing Office 1 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00016 / Computer wkstn / Marketing Office 2 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00017 / Computer wkstn / Marketing Office 2 / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00018 / Computer wkstn / Print production area / P4 1.6Ghz / 1GB / 120GB / windows XP pro
CE00019 / Computer wkstn / Print production area / P4 866Mhz / 512MB / 80GB / windows xp pro
CE00020 / Computer wkstn / Print production area / P4 2.8Ghz / 1GB / 200GB / windows XP pro
CE00021 / Computer wkstn / Print production area / PIII 550Mhz / 256MB / 40GB / windows NT4 wkstn
CE00022 / Computer wkstn / Print production area / PIII 550Mhz / 256MB / 40GB / windows 2000 pro
CE00023 / Computer wkstn / Print production area / PIII 400Mhz / 128MB / 20GB / windows 98
CE00024 / Computer wkstn / Training Room / PIII 550Mhz / 256MB / 20GB / windows 2000 pro
CE00025 / Computer wkstn / Training Room / PIII 550Mhz / 256MB / 40GB / windows xp pro
CE00026 / Computer wkstn / Training Room / PIII 550Mhz / 256MB / 10GB / windows 98
CE00027 / Computer wkstn / Training Room / PIII 550Mhz / 256MB / 10GB / windows 2000 pro
CE00028 / Computer wkstn / Training Room / PIII 400Mhz / 128MB / 6GB / windows 98

Table 2 lists all known printers.

Table 2: Printers (WPT)

Asset no. / Serial no. / Device / Model / Location / Attached to
CP00001 / printer / Manager office 1
CP00002 / printer / Manager office 2
CP00003 / printer / Manager office 3
CP00004 / printer / HR office 1
CP00005 / printer / HR office 2
CP00006 / printer / Finance Office 1
CP00007 / printer / IT Office
CP00008 / printer / Sales office 1
CP00009 / printer / Sales office 2
CP00010 / printer / Marketing Office 1
CP00011 / printer / Marketing Office 2
CP00012 / printer / Print production area
CP00013 / printer / Print production area
CP00014 / printer / Print production area
CP00015 / printer / Print production area

All computers have dialup modems of various model and configurations, internal and external to provide internet access.

5. Current computer users

Table 3: Computer users (WPT)

Name / Status / Duties /
John West / Permanent Employee / CEO
Alice Morgan / Permanent Employee / Operations Manager
Helen Polous / Permanent Employee / General Manager
Isaac Trong / Permanent Employee / HR manager
Gina Olivetti / Permanent Employee / HR officer
Tom Ford / Permanent Employee / HR officer
Roybn Tinkel / Permanent Employee / Financial Manager
Geoffory Crusher / Permanent Employee / Accountant
Mary Lichon / Permanent Employee / Sales and Marketing
Emily Write / Permanent Employee / Sales officer
John Bellasconi / Permanent Employee / Sales officer
Racheal Diagon / Permanent Employee / Market officer, accountant
Daniel Friry / Permanent Employee / Marketing officer sale officer
Fredrick Von Stien / Permanent Employee / production
Erin Chan / Permanent Employee / production
Ellen Prior / Permanent Employee / production
various / Contractor, casual / Production, hr, finance, training
Jonathon Whittier / Permanent Employee / Training and education
Mary Formore / Permanent Employee / Training and education
various / clients / students

6. Data storage and access

Data and information is stored on local hard disks of each computer. The data relates to the function and department the computer belongs to. Data and information is not shared between computers. There is occasion that various copies or version of information resides on a number of different computers.

Some data is copied to CD for access on other computers.

7. Computer use and practice

The following are observations and interviews regarding how the computer system is currently used by users.

Managers, HR, Finance, Sales and Marketing and IT Departments have one dedicated computer per employee. There are no usernames or passwords setup or enforced. On occasion, a user may need physical access to other department computers to access information.

Other sections, training and production, share computers with staff moving in and out. Computers are setup based on functions to be performed. Again, no user login or passwords used.

There has been instances of lost data and information leading to business operation delays and rework. There is no formal backup process for data and information. Some data has been lost through hardware and disk failures.

There is no security or auditing of data access.

Various external media and information brought in and run on internal computers.

There appears to be a lack of staff awareness of policies and procedures regarding organisational data and information. Contractors and casual staff have free and uncontrolled access to all computers.

8. User and manager interviews

Table 4 was compiled to determine how important computer data and systems are to the business operations of the organisation.

Table 4: Summary of user and manager interviews—importance of computer-based data and systems (WPT)

Department/
Users / System/Data / Tolerable outage time / Impact on WPT business after Tolerable outage time 1=min 5=major / Comment /
Finance, HR, Management, sales / Finance Application on individual Finance computers / No access for 48 hrs / 4 / Can use paper record methods for outage. Beyond this cannot manage organisational finance transactions
Finance, HR, Management, / HR System and Data Application on individual HR computers / No access for 5 days / 4 / Can use paper record methods for outage. Beyond this cannot pay staff
Production, sales / Publishing/printing application and data on individual computers / No access to some or all computers 1 day / 5 / Beyond outage products cannot be produced. Idle staff, miss delivery times
Training, external clients / Training data and applications on individual training computers / No access to some or all computers 1 day / 3 / Can use alternate training resources and methods
All users / User generated data and applications on individual computers / No access to some or all computers 2 days / 3
All users / Internet access / 24 hrs / 4 / May impact on line orders, deliveries and email communications
All Users / Printing / No access to some or all computers 1 day / 5 / Delays in production

9. Conclusion and recommendations

Wizard Publishing and Training has a significant dependence on the availability and functionality of its information systems and data. At present although systems are functional there is a significant degree of loss to the business in terms of data and information loss and productivity time loss in delays to system access. In its current state the organizations IT environment cannot support the organizations growth in business operations.

It is recommended that business policies and procedures relating to information systems and IT usage within the organisation be developed and disseminated to all staff, employees and contractors who access the organisation’s IT environment.

It is recommended that an upgrade of the current IT environment be undertaken to establish an IT environment better suited to the business operation need of the organisation.

Install and maintain a server: WPT Audit of existing IT environment XXX