Image
View report PDF5.83 MB
Audit snapshot
What we reviewed and why
The increasing complexity of ICT environments and risk of cyber security threats reinforces the need for agencies to have clear visibility and understanding of their ICT assets. To protect these assets and meet the requirements of the South Australian Cyber Security Framework, all agencies need to establish and maintain ICT asset management controls.
We reviewed the ICT asset management controls applied by six SA Government agencies from a variety of sectors.
What we found
We had no major concerns with the ICT asset management practices of the agencies we reviewed. Their controls varied, and we did identify some areas to improve. Our key findings included:
- ICT asset scanning and discovery discrepancies
- gaps in documented ICT asset management procedures
- inconsistent management of ICT assets
- gaps in documented ownership and classification of ICT assets
- a lack of periodic review and monitoring of ICT assets
- gaps in ICT asset sanitisation and disposal.
Good ICT asset management controls
Image
Image
Image
Image
Image
Image
Image
Well maintained centralised ICT asset registers, with owners and classifications listed
Image
Documented procedures for monitoring ICT asset sanitisation and destruction
Image
Vendor service monitoring arrangements
Image
Well maintained centralised ICT asset registers, with owners and classifications listed
Image