{EduSolutions

Auditoria

EduSolutions background EduSolutions Description EduSolutions Organizational Structure EduSolutions System

Critical Asset Worksheet for people Critical Asset Worksheet for Information

AGENDA

EduSolutions is a specialized company in the adaptation and implementation of tools, focused in the development of e-learning environments (EVA from its notation in Spanish).

The end scope of its solutions, it's to promote a continuous and significative learning from distance.

EduSolutions Description

The company has 4 main areas: The production area, which consists of

four departments: Analysis, Adaptation and Development, Testing and Implementation and Support, the latter having a sub-department on behalf of Maintenance.

The Commercial Division area which has 2 departments: Marketing and Sales.

The Finance area with 2 Accounting and Administration departments.

The Human Resources area.

EduSolutions

The production area has 32 employees in the departments are divided as follows :

Department of Analysis: 5 Employees. Adaptation and Development

Department : 8 employees . Testing and Implementation Department :

8 employees . Support Department : 5 employees . Maintenance Department : 6 employees .

EduSolutions Organizational Structure

By the Commercial Division area has 10 employees divided into departments as follows:

Department of Marketing: 4 employees . Sales Department : 5 employees . They have a Sales Manager .

EduSolutions Organizational Structure

The Finance area is comprised of a total of 7 employees , which are distributed as follows in the departments :

Accounting Department : 3 employees . Department of Administration : 3

employees . They have a financial manager .

EduSolutions Organizational Structure

In the area of human resources , which has five employees:

3 secretaries. A human resources manager .

Finally , the department is comprised of Management

General Manager . Executive Assistant .

EduSolutions Organizational Structure

So, What did i find about People at EduSolutions?

They’ve got 55 employees, distributed in 5 main areas, including the CEO.

A total of 15 different jobs.

People Assets

Listed below, are the 5 key areas and the most critical person i found there:

Production: NA Commercial Division: Sales Manager Finance: financial chief HR: HR chief Management: CEO

Critical Persons

What are the security requirements for these persons?

The set of skills provided by each one of these persons must be available when needed

These persons should cover the needs of people below them.

They have expertise in the areas they are managing, therefore absence will have repercussions in this area.

Security Requirements

Key people taking a temporary absence

Key people leaving the organization permantly

Threats affecting a third-party or service provider

Other problems

EduSolutions has a good organizational structure.

EduSolutions has the OHSAS norm which makes employees more confident and productive.

Positive points

Do not have a contingency plan in case of an employee does not attend to work

They have a sanctions system for absence at work, instead of a prevention plan.

Working 6 days a week seems a little to excessive, considering they got to work full hours on Saturday.

No mention on the Capability level of the norm ISO/IEC-15504, if your madurity level is not high enough, key people leaving the organization permantly may have a high impact.

There is no Production manager. Production area has no defined teams.

Negative points

Define a Production manager Define a level 3 capability level in your

norm ISO/IEC 15504. Consider a prevention plan for people

absence. It’s a good idea to define teams, it will

help you achive the level 3. More rest days for you employees will

make them more productive.

Recommendations

Critical asset for Information

Information that belongs to the Institution using your EVA service such as: Students information, Teachers Information,etc.

Personal Computers in the working area. EVA system Sensible information that your company

needs for you to provide a service to and institution(Institutions religion, bank accounts, etc.)

Critical Information

Servers that provide your service and host your data.

Critical system

Information: Intitutions data( metioned in the critical

information, both the one you host and the one you need to provide a service)

Services Database

Others Personal computers EVA system Internet connectivity

Related Assets to this system

Contingency plan for natural disasters. Hired an external company for data

backups. Good recommendations to keep servers

and computers in good shape.

Positive points

No responsible for the intitutions information allocated in your servers.

No responsible for your EVA system uptime.

Data regulation not specified.

Negative points

Continue improving your positive points Specify who is resposible for all the

information your servers handle.

Recommendations

Network Access Information

Your website has a privacy policy

Positive points

You have vital intern information unrestricted, which may lead to information disclosure

Competitors may steal information You dont specified if you have a firewall

or not or what kind of security are you using to protect your serversNegative points

Specify a security protocol for your server-client conecctions

Get a firewall Implement user privileges to access your

website information

Recommendations

Human actors using physical access

Your LAN is not well specified Employees might use a different

computer and cause trouble(loss of information, disclosure,etc)

No security guards.

Negative points

Specify your access to the LAN(static, dinamic, number of nodes, etc.)

Hire a security company. Personal passwords. Avoid employees

from sharing them.

Recommendations

System Problems

The company has a contingecy plan The company has backup plan

Positive points

No backup server in case of main server failure.

No antivirus. No specifications on how to handle

version changes.

Negative points

Hire or buy a backup server, since your company totally relies on an online server to provide the service.

Buy an Antivirus. Specify how to handle version changes.

Recommendations

Natural disasters contingency plan.

Positive points

The company doesnt have a plan in case of infrastructure problems

The company doesnt have a secundary ISP in case of unavailability of main ISP.

Backup power supply is not specified or is inexistent.

Negative points

Hire a secondary ISP Specify if a backup power supply exist, if

not you should get one Elaborate a plan in case of

infrastructures failure

Recommendations