Carry out a qualitative General IT Controls audit
The General IT Controls (GITC) audit includes numerous, diversified verifications and tests. This audit is particularly recommended in the context of a company buyout and may be a regulatory requirement depending on your type of organization. You can count on the help of our MS Solutions experts to perform it successfully.
Why perform a GITC audit and entrust it to an external partner?
The GITC audit consists of evaluating the general controls of an organization’s information technology, in order to confirm the effectiveness of the protection mechanisms in place, and their robustness to any incidents that may occur.
- The results of the tests performed on these controls are then presented to the organization’s governance in a pictorial report. Recommendations are issued to prioritize, target and direct improvement opportunities. Experience and objectivity are required to provide an independent view of these controls.
Inclusions with a GITC audit:
The checks and tests performed as part of a GITC audit are numerous and diverse, and include:
- Summary audit of organizational security: governance, risk management, personal awareness and insurance
- Summary audit of the security of public assets: website management, DNS management, social media management
- Summary audit of external network security: documentation, security perimeter and remote access
- Summary audit of physical security: physical access, server room and communications room
- Summary audit of internal network security: documentation, system obsolescence, antivirus, password management, accounting software
- Summary audit of operational security: robustness of systems, backup management
MS Solutions is committed to providing you with a comprehensive report, with recommendations and evidence.
The process for a GITC audit:
The methodology that we recommend for the successful realization of a GITC audit is adapted to the size and reality of each organization. We are present from the planning of the audit, right through to the presentation of a detailed report based on data collected and analysis of your IT systems. The following steps are included.
Our experts will meet with the people in your organization who will be involved in the project, so we can plan it together. All stakeholders will be identified and contacted.
Our experts will undertake the collection of all required information, by accessing the IT environment, governance documentation, and targeted information assets.
Our experts will continue the audit with verification and testing of the following six major controls:
- Organizational security
- Security of public assets
- External network security
- Physical security
- Internal network security
- Operational security
The report will present the results of the various analyses performed, as well as the findings from throughout the audit. The report will detail all the issues raised by our experts, as well as a series of recommendations to improve your security posture.
You will receive an illustrated report to simplify understanding. Recommendations will be issued in order to prioritize, target and direct improvement opportunities.
Our Commitment
Our team of experienced technicians will help you solve your IT issues efficiently, and allow you to focus on your growth.
Yves Coté
Partner, Vice President of Operations
News from the IT world
SharePoint Intranet: boost your company’s collaboration and internal communication
Imagine a world where information is centralized, accessible in one click and where collaboration is seamless. This is the promise of the SharePoint intranet: a powerful solution to revolutionize communication…
Which cloud to choose for your SME
The cloud, also called cloud computing, is revolutionizing access to IT services, making them accessible to all businesses, from large corporations to SMEs. Contrary to popular belief, the cloud is…
How to integrate Copilot for Microsoft 365 into your business
The year 2024 marks the start of an exciting era with the long-awaited arrival of Microsoft Copilot. This revolutionary artificial intelligence, integrated into our daily tools, arouses widespread enthusiasm in…
How to add training to your team on your Vigilance + platform
Vigilance + is much more than a continuous phishing simulation platform. You can find training on cybersecurity and on Microsoft 365 to train your teams. In order to offer you…
Complete guide to cloud services: which choice for your company?
The world of computing is evolving at lightning speed, and cloud computing has become a central pillar in this revolution. But what do these mysterious acronyms like IAAS, PAAS, SAAS,…
Optimizing collaboration with Microsoft Loop: a revolution in modern work
The modern workplace is constantly evolving, and Microsoft is positioning itself as a leader in this transformation. At the heart of this revolution is Microsoft Loop, a real-time collaboration application…