Learn How an I.T. Audit can help your Business

---

So what is an IT audit?  An I.T. audit is sometimes called a computer systems audit or audit of information systems or simply a tech audit. 

In general terms, IT auditing means taking an in-depth look at all the systems and processes that impact data generation, data flow or data storage within your organization.  

Those systems and processes can include:

• hardware
• software
• data channels
• staff training
• written protocols 
• best practices for your industry.

While ongoing internal audits are extremely useful in managing business operations, successful companies also regularly schedule an I.T. audit by an external entity to help ensure data security.

Companies hire Olympia Computer to audit their IT systems for a variety of reasons.

If your business is growing, you may need an IT audit.

If you plan to expand your operations significantly in the near future, an I.T. audit is a critical first step.  Growth is the very opposite of security - and an I.T. audit can help to identify those areas where growth will cause you security issues.  

• Adding virtual or physical end points, especially beyond your current infrastructure, adds new security concerns.   
• Over time, many businesses  come to operate on unwritten security rules - last one out locks the door,  for example.  When it comes to data security, new users may not know your traditional security practices.  And without a comprehensive IT audit, you may not even know where they are going to be putting your business at risk.
• Adding new end points - like cell phones, computers, laptops checked out to new staff or even website users - adds new risks.  An I.T. audit will help you identify those risks so that you can prevent problems before they occur.
• Even if your current operations are highly secure, expansion to more people or more locations (including work-at-home locations) means you will likely be operating over less secure networks.  An I.T. audit can identify those areas that require hardening to maintain data security.

If you need to be PCI compliant, you may need an I.T. audit.

If your company accepts credit cards, you likely are required by the issuing agency to meet PCI guidelines. An I.T. audit can help you see where you may need to make changes to meet those requirements.

If you need to be HIPAA compliant, you may need an I.T. audit

If you are a health plan, health insurer or health care provider – or a “business associate” of one of those companies, you are probably required to follow at least some HIPAA regulations regarding the gathering of private health information. An audit will help you put in place the best practices, guidelines and protocols to help your organization stay compliant with HIPAA regulations.

If you want to stay in business, an I.T. audit can be a critical "best practice". 

Any company or association that wants to stay viable in today's wild and wooly security environment needs a regularly scheduled I.T. audit.  Period.

Over time, any organization develops weaknesses in information systems that can make you vulnerable to cybersecurity attacks, ransom demands, fraud or simple staff mistakes.  

An audit can help you identify risks in your systems that could lead to data breaches, fines, lawsuits and most importantly to erosion of customer trust and loss of business.

Regular auditing can help you protect your data – and that means you are protecting clients, suppliers, employees, shareholders – and your own reputation. 

An audit gives you the information you need to mitigate risks to network security and data processes.  In the long run, your I.T. audit will be a critical step in reaching your business goals.

Many companies hire us to do ongoing I.T. audits to keep all their technology systems in compliance.  If you have not had an audit in the last 3 years, give us a call now.  

Every business is different, so each IT audit we perform is tailored specifically to the needs of that business.

However, in general, our highly experienced I.T. auditors will look at 

• how data is created in your business
• how data travels
• how data is shared - among your staff and with clients, customers or vendors
• how data is stored.

We look at your entire information infrastructure, including access and control of your applications, data bases, operating systems, networking devices (routers, switches, access points), and virtual end points.  

We also evaluate physical security, potential human risks and your ability to manage vulnerabilities that may occur in your system.  

Your IT audit may include:

• Information security – vulnerabilities, monitoring, reporting, response times 
• Mobile Strategies – risk detection, loss of devices
• Access control – physical and virtual
• Cloud policies - user authentication, security, interface with other parts of company (like legal)
• Privacy requirements
• Staff Security awareness – access permissions, segregation of duty protocols, working from home
• Asset management protocols – hardware, software, staffing, data
• Business continuity management and disaster recovery planning
• Risk management – 3rd party risks, social media, in house
• Data backup systems – adequacy, training

As needed, we compare your systems to the requirements of relevant protocols and governing agencies like

• PCI DSS 
• HIPAA/HITECH 
• Sarbanes-Oxley (SOX) 
• ISO 
• Privacy Shield
• NIST 

If your last I.T audit was more than three years ago, call now to talk with an I.T. auditor  - or send us a note in the message box  to get more information.

Olympia Computer has been an essential part of PSW’s IT infrastructure and department redesign process. 

As a fast growing company in healthcare, we had several priority needs, including a help desk and interim CIO leadership. 

Erik and his team stepped in with the expertise we needed, quickly connecting with our teams and becoming part of our work family.   

As a result of working with Olympia Computer,  we have fantastic customer service from a dedicated help desk and are actively transitioning our IT infrastructure to ensure security, minimum disruption and high levels of service.

                                                 Tamara Schaffert, Chief Operating Officer

                                                 Physicians of Southwest Washington (PSW)

What is an I.T. Audit?

An I.T. audit is an evaluation of an organization’s computer related systems, including the infrastructure, operations and guiding policies.

What does an I.T. audit cover?

An I.T. audit looks at how data is created, moves or is stored in your organization.

What does an I.T. audit look for?

An I.T. audit looks for weaknesses in the I.T. system that may pose risks to your data.  Those weaknesses may occur in hardware, software, system design, policies and protocols or compliance.

Is an I.T. audit disruptive to my company? 

It can be - but the level of disruption depends on the experience of your audit team.  Over the years we have developed processes to significantly minimize disruption.   To cut down on interruptions to your staff or systems, much of our work can be done after hours or off site.  Our auditors have developed methods of gathering information in the shortest possible time on site - for review off site.  And we will work with you to design an audit time line that fits with your business schedule - if there are days of the week or hours of the day when you cannot  have auditors on site, just let us know.

Why would I want an I.T. audit for my company?

An I.T. audit can help you protect your information assets, identify and correct system inefficiencies, and ensure the integrity of your information systems. Maintaining system integrity is critical to managing your data and preventing data breaches.

Is an I.T. audit the same as a PCI or HIPAA compliance audit?

PCI and HIPAA compliance requires information system audits to verify data security.  An I.T. audit may go well beyond what PCI and HIPAA require, also documenting current systems, looking at risks, or identifying opportunities for growth in areas not related to PCI or HIPAA.

Can I just use off the shelf auditing software?

Sure but that would be sort of like using web md to diagnose your medical problem.  Off the shelf products scavenge your network to tell you the number of devices you are running.  We also investigate how effectively those devices work together,  the health of your system and the security risks you may be facing.

Who can do an I.T. audit?

Your I.T. audit should be done by an independent and unbiased technology expert.  For the best results for your business, look for an I.T. consultant experienced in conducting  I.T. system audits - and ask for references.