
Audit Scoping Questionnaire

Business Information (Only fill information that you think will be part of the Project Scope)

Sr. No. Questions Response


1. No. of Geographic Locations considered for the Audit
   Response:
   1 (Mumbai – Colaba to Sion Mahim)
   2 Mumbai and Bangalore (CSP locations)

2. No. of Offices in Each Location considered for the Audit.
   Response: 4 Control Centres, 1 ULMS and 49 Receiving Stations for SCADA. Mumbai and Bangalore (CSP Locations)

3. No. of Divisions/Departments (If possible provide an Organogram/Organization Chart) considered for the Audit.
   Response: 54 Nos.

4. No. of Employees in each Department considered for the Audit.
   Response: 20 to 25 numbers who are operating SCADA system at Control centres.

5. How many Data Centers do you have? Kindly mention their location.
   Response:
   1. There are 4 zones. PCs are there in each control for respective zone. All RSS are connected to Control Centres through MPLS connectivity (SCADA Systems).
   2 – Mumbai and Bangalore (CSP locations)

6. Do you have a DR Site in place?
   Response: YES

7. IT details for VA/PT and Configuration Review: (Only mention numbers for those to be considered in ISO/IEC27001:2013 scope)
   a. No. of Critical Servers (email, DB, SharePoint etc.)
      Response: 33
   b. No. of Critical Devices (F/w, Switch, Routers, IDS/IPS)
      Response: No dedicated Switches/Router
   c. No. of Web Applications
      Response: 3
   d. No. of Mobile Applications
      Response: 2
   e. No. of Firewalls
      Response: 1
   f. No. of Routers
      Response: No dedicated router
   g. No. of Switches
      Response: No dedicated Switches
   h. No. of Desktops/Laptops/Mobile devices used
      Response:

8. List all the tools used for IT & Security
   Response: Antivirus/Firewall ( Palo Alto VM-100 with UTMF Features

9. Do you use any Cloud Services? If Yes, List all the services used in cloud infrastructure.
   Response: YES

10. Do you use Virtualization? If Yes, List all the services used in Virtualization.
    Response: YES

11. Do you already have an Information Security Program in your Organization? (Yes/No; If Yes, kindly elaborate)
    Response: NO

12. Do you have an Information Security Policy in place? Is this Approved and followed in the Organization?
    Response: NO

Company Confidential qSEAp © Copyright(2020)


13. Do you have an Information Security Officer (ISO)/Chief Information Security Officer (CISO) appointed?
    Response: NO

14. Do you have an Information Security Steering Committee in place?
    Response: NO

15. Do you expect implementation support (Asset Inventorization, Classification etc.) for the entire Scope? If yes, please specify the Scope for this, including number of participating departments and employees in each of these departments.
    Response: YES

16. By when do you expect to start the Audit initiative (this information will help us plan the activities and appropriate timelines).
    Response: ASAP

17. Do you have to comply with other regulatory requirements? Kindly elaborate.
    Response: YES

18. Do you have any other Certifications like ISO9001, 14000, etc.? Kindly elaborate.
    Response: NO

19. Are you looking for specific timelines to close the project?
    Response: YES
