RR Aerospace has facilities around the world, and it is essential that its information systems are secure. An earlier internal audit of security compliance had been conducted using Excel workbooks to perform site surveys. Enterprise Scorecard has been selected to implement the new security management system. This work is currently ongoing.
Although Excel is a convenient tool for gathering data, this solution suffers from a number of limitations:
- There is no facility to consolidate results and to compare one site with another.
- Consequently, there is no way to globally identify sites or areas that need urgent attention.
- Planning for and monitoring corrective actions is not integrated with the solution.
- There is no facility to reassess sites after a given time and demonstrate progress.
- Individual policies are not weighted by importance, so trivial non-compliances are given the same weight as severe vulnerabilities.
- There was a desire to integrate this audit into a more comprehensive management system that follows the best management practice of ISO 27001.
There are 153 statements of internal security policy which are defined in the initial survey. These have been encoded using our template design tool:
Figure 1: IT Security Audit
The responses gathered from the various locations are then available for review in a collection of summary reports. Naturally, this information is confidential, and cannot be reproduced here.
An interactive dashboard was also developed to allow results to be reviewed for the business as a whole and for individual locations. Please note that the screenshots shown below are of test data only, and none of these figures are genuine.
Figure 2: Security Dashboard