Business Information (Only fill information that you think will be part of the Project Scope)
| Sr. No. | Questions | Response |
|---|---|---|
| 1 | No. of Geographic Locations considered for the Audit | 1 (Mumbai – Colaba to Sion Mahim); 2 Mumbai and Bangalore (CSP locations) |
| 2 | No. of Offices in Each Location considered for the Audit. | 4 Control Centres, 1 ULMS and 49 Receiving Stations for SCADA. Mumbai and Bangalore (CSP Locations) |
| 3 | No. of Divisions/Departments (If possible provide an Organogram/Organization Chart) considered for the Audit. | 54 Nos. |
| 4 | No. of Employees in each Department considered for the Audit. | 20 to 25 numbers who are operating SCADA system at Control centres. |
| 5 | How many Data Centers do you have? Kindly mention their location. | 1. There are 4 zones. PCs are there in each control for respective zone. All RSS are connected to Control Centres through MPLS connectivity (SCADA Systems). 2 – Mumbai and Bangalore (CSP locations) |
| 6 | Do you have a DR Site in place? | YES |
| 7 | IT details for VA/PT and Configuration Review: (Only mention numbers for those to be considered in ISO/IEC27001:2013 scope) | |
| | a. No of Critical Servers (email, DB, SharePoint etc.) | 33 |
| | b. No of Critical Devices (F/w, Switch, Routers, IDS/IPS) | No dedicated Switches/Router |
| | c. No. of Web Applications | 3 |
| | d. No. of Mobile Applications | 2 |
| | e. No. of Firewalls | 1 |
| | f. No. of Routers | No dedicated router |
| | g. No. of Switches | No dedicated Switches |
| | h. No. of Desktops/Laptops/Mobile devices used | |
| 8 | List all the tools used for IT & Security | Antivirus/Firewall ( Palo Alto VM-100 with UTMF Features |
| 9 | Do you use any Cloud Services? If Yes, List all the services used in cloud infrastructure. | YES |
| 10 | Do you use Virtualization? If Yes, List all the services used in Virtualization. | YES |
| 11 | Do you already have an Information Security Program in your Organization? (Yes/ No; If Yes, kindly elaborate) | NO |
| 12 | Do you have an Information Security Policy in place? Is this Approved and followed in the Organization? | NO |
| 13 | Do you have an Information Security Officer (ISO)/Chief Information Security Officer (CISO) appointed? | NO |
| 14 | Do you have an Information Security Steering Committee in place? | NO |
| 15 | Do you expect implementation support (Asset Inventorization, Classification etc.) for the entire Scope? If yes, please specify the Scope for this-including number of participating departments and employees in each of these departments. | YES |
| 16 | By when you expect to start the Audit initiative (this information will help us plan the activities and appropriate timelines). | ASAP |
| 17 | Do you have to comply with other regulatory requirements? Kindly elaborate. | YES |
| 18 | Do you have any other Certifications like ISO9001, 14000, etc., Kindly elaborate? | NO |
| 19 | Are you looking for a specific timelines to close the project? | YES |