Audit and Assurance

Expand all | Collapse all

IT Audit of decommissioned system

  • 1.  IT Audit of decommissioned system

    Posted 17 Feb, 2020 07:23
    Hello all,

    How do you perform an audit for a decommissioned system? Are there any best practices in place or guidelines?

    And what areas should you audit?

    Thank you,

    ------------------------------
    Alexandra Avram
    IT Audit and Advisory Senior Consultant
    ------------------------------


  • 2.  RE: IT Audit of decommissioned system

    Posted 17 Feb, 2020 08:54
    Hi @Alexandra Avram

    I'm no expert, but there are some key things that I'd check.
    1) Was the system fully removed from production?
    2) Was the data from the system removed? If yes, how? Was it done secure way, so no data can be restored from the disks? (Degausing disks, multiple overwrites, shredding the disks, ....) Who performed the wipe? Someone internal? Some certified vendor? Any proof?
    3) Is there still data of these systems in the backup repository? Does it need to be retained? If so, why?
    4) Were computer accounts cleaned up in the active directory/ldap/dns
    5) What happens to the hardware? Anything that could provide clues on how to hack your production system? (bios passwords, configurations, network addresses in some management module, labels....)
    6) How will it be recycled? internally? externally? Who will become the new owner?

    Hope this helps.


    ------------------------------
    Sven De Preter

    Sr. Network & Systems Administrator
    Corporate DPO Team Member

    Certs:
    - CompTIA CSCP (Stackable)
    - CompTIA CCAP (Stackable)
    - CompTIA Cloud+ ce
    - CompTIA Security+ ce
    - CompTIA Network+ ce

    Feel free to connect with me on LinkedIn: https://www.linkedin.com/in/svendepreter/
    ------------------------------



  • 3.  RE: IT Audit of decommissioned system

    Posted 18 Feb, 2020 01:55
    Agreed with Sven. In addition to what he has mentioned, was the system hosted in a datacenter or in cloud? Was there Internet / 3rd party accessibility that needs to be removed? User accounts exclusively used by the system? Remote access / VPN? Firewall rules deleted? Monitoring systems that need updating? CMDB (and DSL) updated?

    ------------------------------
    Julius Francis
    Solution Security Architect
    ------------------------------



  • 4.  RE: IT Audit of decommissioned system

    Posted 18 Feb, 2020 02:33
    Hello there,
    Just to add few (probably, futile) lines.
    @Sven De Preter
    At the end of your 3), also "If so, for how long?" and "The RACI for the retention requirements";
    For your interesting 4), I agree, as long as we have a secured back-up of this information;
    @Julius Francis
    In case of the 3rd parties involved, ask your legal team to review the contracts (termination clauses, accountability, etc.).
    I could really spend hours reading and learning from these posts...

    ​​

    ------------------------------
    [Amedeo] [Maturo Senra]
    [CISA, CIPP/E, Lawyer]
    ------------------------------