IT Responsibilities

The prime objective is to protect the confidentiality, availability and integrity of the company’s information and information systems.

 Information security policy
Ensure that IT staff and IT systems adhere to and enforce the company’s information security policies.

Asset management
Maintain a current and comprehensive inventory of information systems, software licenses and services assigned to responsible individuals.

Patch management
Ensure that all software and systems are kept up to date with the latest security patches.

Change management
Ensure that all changes to IT infrastructure are documented, tested and authorised.

Incident management
Report and respond to security incidents or suspicious activity as quickly as possible following standard procedures for the collection of evidence.

Backup copies of information, software and system images shall be taken and tested regularly in accordance with the backup policy.

Access control
Ensure users are only provided with access to information, networks, and software that they have been authorised to use.

Ensure that all information systems have active malware detection, prevention and recovery controls.

Ensure firewalls configurations effectively prevent unauthorised inbound/outbound access and are limited to approved rules with business justification.

System monitoring
Maintain tamper-proof event logs to record administrator and user activities, exceptions, faults and information security alerts that can be used as an audit trail for troubleshooting or forensic investigation.

Standard configurations
Ensure IT staff use standard configurations and documented procedures for installation and operation of information systems.

Ensure equipment and cabling is well maintained and protected from unauthorised access and disruption.

Network configuration
Maintain documentation on current network configuration including diagram and security controls.

Vulnerability scans
Run regular internal vulnerability scans and address any medium or higher risks.

Routine checks
To ensure proactive management of IT environment:

Description Frequency
Backup: review and resolve Daily
Antivirus: review and resolve Daily
Logs: critical issues on key servers, unusual activity Daily
Patch management Monthly
Vulnerability scans Monthly
Disk space on servers Weekly
Unused accounts Monthly


Provide regular reports on the following:

Description Frequency
Access rights: List of active users and permissions Quarterly
Assets: Additions, changes, disposal Quarterly
Backups: List of backups completed and restores tested Monthly
Incidents: List of incidents reported (resolved and unresolved) Monthly
Patches: Number of systems patched and unpatched (known vulnerabilities) Monthly
Utilisation: Software licenses Quarterly
Utilisation: UPS test Annually