1) Required: Provisioning process must be formally documented in accordance with the Agilent Access and

Authorization Standard.

2) Required: Provisioning/DE Provisioning processes for access requests should be modified i.e. a proper policy
should be followed when the user has left the organization or under different circumstances.

3) Required: A formal de-provisioning process must be created and documented in accordance with Agilent Access
and Authorization Standard.

4) Required:Periodic access reviews must be conducted once a quarter for high-risk/privileged users, and once a
year for non high-risk users.

5)Required: There needs to be a documented process for who approves, who grants access; how users are
terminated.

6)Required: Audit capabilities should be implemented to capture the user session and login attempt details.

7)Required: Backup policy should be in place. The backup is done through symantec Netbackup. the information
that whether it is automated or manual or who has access to same and where tapes are kept. Also, how frequently
the back up is taken; All these things should be properly placed and documented.

8)Recommendations: In case of stressful conditions or a downtime a disaster recovery plan is required.

9)Recommendations: Implement an automated provisioning process to make provisioning and DE provisioning

processes more efficient.

10)Recommendations: Reporting functionality for monitoring failed login attempts.