IT Aduit & Assessment - Case 1

A cross boarder toy firm with head-office in Hong Kong and factory in China

Size
3000+ Employees

Service
IT Audit and Assessment with Follow-up Services

Challenge
In recent years, with the aggressive growth of China’s economy and businesses, many are struggling to cope with oversea management and security. Our client is no other. An out-dated ERP and a handicapped HR system have cost our client direct money lose. An IT team that are too busy fixing endless users’ daily problems, managers find it almost impossible to communicate and express their business directions and objectives. Internal hacking activities with data and network security issues are present. With a continuous reminder from the news of data leakage and loss, managers have turned to our IT audit and service scheme to evaluate in both technical and business aspects. 

Solution
Identify numerous network security holes and provide technical recommendations. Evaluation of mission critical ERP on technical architectural analysis specifying potential risks and possible automation strategy. Enhance the network control and monitoring with the consolidation of IT management and policies.

Result
With the submission of the management report of our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding, some includes:
 - Identification of security holes within their multi-sites setup in both network and application aspects.
 - Core business ERP system running a 2-tier hierarchy, any users may delete all system data under a press of the delete button.
 - Insufficient and ineffective configurations of firewall causing managers’ personal desktops and servers vulnerable to hackers.

Follow-up
Reduce potential security holes with an up-to-date centralized monitoring and administration system. Temporary work around method to protect data. Awareness of new options in ERP systems with pertinent professional advice. Establishment of new policies and procedures in protection of the company.

Our team thereafter, proposes a range of IT services providing a one stop solution of our client. Some of our services include:
 •    Immediate handling of high severity objects to minimize risks including firewall configurations and ERP data protection.
 •    In-place a centralized administration and network monitoring systems to govern and simplify IT administration.
 •    Sources different options of ERP’s providing pertinent professional advice.
 •    Establishment of new policies and procedures in protection of the company.
 
Benefit
After the running of our IT Audit and Services Scheme, the workload is centralized and eased by the new establishment of administration and network monitoring systems. The management team has much of a better overview of IT and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and IT is established.

More Updates

Further reading