Professional Documents
Culture Documents
Initial Data Requirement Template
Initial Data Requirement Template
For financial year 2022, period April 01, 2022 to March 31, 2023
Kindly send evidences in below format;
• Mails – Complete Smail
No. as an attachment; Process Application/Area
1 IT Governance
--
2 IT Governance
ERP/AD
5 Logical Security
ERP/AD
6 Logical Security
ERP/AD
7 Logs management ERP/AD
8 Logs management ERP/AD
9 Logical Security
ERP/AD
no Logical Security ERP/AD
11 Logical Security HR
Remote Authentication
20 Network Security
List of users & groups with creation / deactivation / last login details
System generated list of users created in application for the period 01 April 2022 till date
alongwith process screenshots of generation the list.
**Note: Sample will be shared for screenshots once above data is received
System generated list of user's role modified in application for the period 01 April 2022 till
date alongwith process screenshots of generation the list.
**Note: Sample will be shared for screenshots once above data is received
A list of employees separated during the audit period along with date of separation,
designation, ERP/AD User id and department of the employee
Last login of all the users
Last password reset date of all the users
1. System generated list of all active user IDs along with corresponding roles, user's
department and designation.
2. Process screenshots of generating the list.
**Note: Sample will be shared for screenshots once above data is received
Example of a job which failed in the audit period and how the issue was resolved (Incident
tickets, email confirmation etc.)
Incident logs with date and time of incidents raised/resolution taken.
List of employees who were provided remote/VPN access to servers, workstations, network
devices, application and database during the audit period.
List of employees who’s remote/VPN access from servers, workstations, network devices,
application and databases was revoked during the audit period.
Vulnerability assessment & Penetration Testing report
1. Screenshot of antivirus console showcasing the Antivirus administrators and password
parameters enforced.
2. Antivirus reports and evidence of corrective action taken for the period.
3. Screenshot of e-mail id configured on the central console for sending automated alerts (if
configured).
Groups
Take screenshot of following groups:
Administrators
Domain Admins (if any)
Remote Desktop Users
Power Users
Backup Operators
Provide a screenshot of list of user groups created in ERP and AD during the audit period.
Provide a listing of individuals with access to the data centre / server room for our review,
with the corresponding job titles.
Server room access management procedure for authorising, Creation & Deactivation of the
users duly defined.
Access to authorized staff only (IT, Electrician & Admin) according to their profile. Staff are
authorised by IT Head over access requisition form.
Evidences to show that the access log of the data centre is reviewed periodically
1. Emergency exit routes are clearly Marked along with proper temperature check
2. Picture of fire extinguisher installed in server room
3. Picture of CCTV installed outside server room
Provide a list (Excel dump) of users having access to the following critical profiles in ERP and
AD:
System Admin / Superuser
Karthik will share policies document which needs to be amended to fit for KL and
approved by Jaswanth
drafted in email to be sent
Written to DB test
Closed
Closed
Closed
Not initiated for India
Written to Ravi/Arun
Written to Ravi/Arun
Jira developments between 04-22 - 3-23
Jira ticket rised by Fin team
Analysis will be done by BA
Approval will be done by Finance TL
Development will be done by Developer
Testing done by BA
UAT done by Fin team
deployment
Written to Pawan
Written to Madhav
HR
IT
IT
IT
IT
IT
NA
IT
IT
HR
Pawan
IT
IT
IT
IT
BDO
BDO
BDO
Desktop admin
Desktop admin
IT
Pawan
IT
BDO
BDO
BDO
BDO
BDO
IT
Finance