Professional Documents
Culture Documents
Project Report
Project Report
Table of Contents:
1. Introduction
2. Outsourcing vendor
3. Background
4. Situation
5. Objectives of Assignment
6. Audit observations of IT Environment and practices
6.1 A. Physical access controls
6.1 B. Logical Access Controls
6.1 C. Disaster Recovery Plan
7. Deliverables
8. Format of Report/Findings
9. Extracts from Service Level Agreement (SLA)
9.1 Clause 10.1: Generally
9.2 Clause 10.2: Backup and Storage
9.3 Clause 10.3: User and Access Restrictions
9.4 Clause 10.4: Disaster Recovery
9.5 Clause 10.5: Maintenance of Records
1. Introduction
AMG Software (AMG) is the world’s leading provider of management solutions that ensure the
availability, performance, and recovery of business-critical applications. AMG calls this
application service assurance and it means that the applications its customers rely on most stay
up and running, around the clock. For more than 20 years, the largest and most successful
companies have relied on AMG Software. AMG Software is among the world’s largest
independent software vendors, a Forbes 500 company and a member of the S&P 500, with
revenues of $2.3 billion in the last 12 months. The company is headquartered in Houston, Texas,
with offices worldwide.
2. Outsourcing vendor
DLF Software (DLF) is focused on providing Offshore Development Services (ODS) to Global
Clients who include 25 of the Fortune 500 corporations of the world. With a penchant for
working closely with clients and organizing work according to the client’s needs, DLF believes
in working with the customer as its Partner in Progress and participating in mutual growth both
quantitatively and qualitatively. From its inception, DLF has been one of the fastest growing
major software companies in India and is rated amongst the top 10 software export houses in
India. DLF is headquartered in Bangalore and is represented through offices in the USA, Europe,
South East Asia and Japan.
3. Background
AMG has outsourced software development through ODS mode to DLF. AMG has supplied IT
infrastructure for these services and has also recruited required personnel who work at DLF for
the software projects of AMG. AMG wanted an independent assurance on the security and usage
of the technology as also protection of the IPR of AMG. Abraham and Associates (AAA) is a
practising CA firm based at Bangalore and offers IS Assurance services with a team of DISAs
and IT security professionals.
Leading to the proposal, Mr. Bentley, Manager, OEM of AMG based on research on google had
identified AAA for providing assurance services and had contacted AAA through Email. The
need for IS Assurance services for conducting IS audit with the objective of providing assurance
on protection of Intellectual property\security audit was communicated. Based on this, AAA had
sent their profile offering their services outlining their experience in this area and providing
sample proposals and deliverables of such type of reviews executed by AAA. The scope,
objectives, fees and deliverables were finalised after detailed discussion to meet specific
requirement of AMG and this was communicated to DLF.
4. Situation
The need of AMG was understood to be the requirement of an assurance that the intellectual
property including assets and access to such assets (hardware, software, manuals, media, etc.) of
AMG used at the AMG labs at DLF in Bangalore are adequately secured (physically and
logically) from unauthorised and inappropriate use through adequate and appropriate physical,
environmental and logical access controls. Hence, an independent review was to be conducted
on the process and methods in place at AMG labs at DLF so as to provide assurance that there
are adequate and appropriate safeguards and procedures that prevent unauthorized access,
mishandling and damage to any of the assets of AMG at AMG labs at DLF and all the facilities
provided by AMG are being used for the purposes of AMG’s operations by personnel authorised
or assigned for AMG’s operations only at DLF allocated work site.
5. Objectives of Assignment
Based on the detailed discussions with Mr. Ben Crocker and visit to the AMG Labs at DLF, the
primary objectives of the assignment of Security Audit are finalised as follows:
Provide assurance to AMG that the intellectual property of AMG including assets and access to
such assets (hardware, software, manuals, media, etc.) used at the AMG labs at DLF in
Bangalore are adequately secured (physically and logically) from unauthorised and inappropriate
use through adequate and appropriate physical, environmental and logical access controls;
Review the process and methods in place at AMG labs at DLF so as to provide assurance to
AMG that there are adequate and appropriate safeguards and procedures that prevent
unauthorized access, mishandling and damage to any of the assets of AMG at AMG labs at DLF;
Review whether all the facilities provided by AMG are being used for the purposes of AMG’s
operations by personnel authorised or assigned for AMG’s operations only at DLF;
Validate the process and methods at AMG labs at BLF against available norms and standards of
AMG wherever available
7. Deliverables
Provide IS Audit report to management of AMG with reasonable assurance that Identified
controls as relevant are in place at the AMG Labs at DLF;
Provide detailed report covering findings for each of significant control weaknesses and advise
management of AMG on corrective actions to be initiated. Include management comment from
DLF on audit findings and recommendations with agreed action plan.
8. Format of Report/Findings
Please use extracts from SLA and the contents from relevant section of the DISA background
material and relevant best practices as required as the benchmark for evaluation of the controls.
IS Audit report may be prepared based on standards of reporting issued by ICAI and ISACA.