IT Responsibilities

The prime objective is to protect the confidentiality, availability and integrity of the company’s information and information systems.

Information security policy
Ensure that IT staff and IT systems adhere to and enforce the company’s information security policies.

Asset management
Maintain a current and comprehensive inventory of information systems, software licenses and services assigned to responsible individuals.

Patch management
Ensure that all software and systems are kept up to date with the latest security patches.

Change management
Ensure that all changes to IT infrastructure are documented, tested and authorised.

Incident management
Report and respond to security incidents or suspicious activity as quickly as possible following standard procedures for the collection of evidence.

Backups
Backup copies of information, software and system images shall be taken and tested regularly in accordance with the backup policy.

Access control
Ensure users are only provided with access to information, networks, and software that they have been authorised to use.

Antivirus
Ensure that all information systems have active malware detection, prevention and recovery controls.

Firewalls
Ensure firewall configurations effectively prevent unauthorised inbound/outbound access and are limited to approved rules with business justification.

System monitoring
Maintain tamper-proof event logs to record administrator and user activities, exceptions, faults and information security alerts that can be used as an audit trail for troubleshooting or forensic investigation.

Standard configurations
Ensure IT staff use standard configurations and documented procedures for installation and operation of information systems.

Equipment
Ensure equipment and cabling are well maintained and protected from unauthorised access and disruption.

Network configuration
Maintain documentation on the current network configuration, including a diagram and security controls.

Vulnerability scans
Run regular internal vulnerability scans and address any medium or higher risks.

Routine checks
To ensure proactive management of the IT environment:

| Description | Frequency |
|---|---|
| Backup: review and resolve | Daily |
| Antivirus: review and resolve | Daily |
| Logs: critical issues on key servers, unusual activity | Daily |
| Patch management | Monthly |
| Vulnerability scans | Monthly |
| Disk space on servers | Weekly |
| Unused accounts | Monthly |

Reports
Provide regular reports on the following:

| Description | Frequency |
|---|---|
| Access rights: List of active users and permissions | Quarterly |
| Assets: Additions, changes, disposal | Quarterly |
| Backups: List of backups completed and restores tested | Monthly |
| Incidents: List of incidents reported (resolved and unresolved) | Monthly |
| Patches: Number of systems patched and unpatched (known vulnerabilities) | Monthly |
| Utilisation: Software licenses | Quarterly |
| Utilisation: UPS test | Annually |