Help, our systems need an independent “health-check”

LCS often receives requests from companies and secondary schools for an independent evaluation of how well their systems are working.

Some of these requests arise from performance issues which can’t seem to be resolved; others are for peace of mind or compliance purposes (such as an IT equivalent of a financial audit); and others originate from uncertainty about what senior managers are being told by their existing support companies (or even in-house IT staff).

Whatever the reason, LCS can carry out a health-check which covers over 100 areas of the systems, many of which are often overlooked by in-house teams or external companies.

The key purpose of a health-check is to ensure that the systems are robust enough for what they are being asked to do and have suitable data backup / disaster recovery systems in place, to identify any single points of failure which could result in down-time for the organisation, to highlight any potential areas of weakness with regard to data security, and to offer advice and guidance on how improvements can be implemented.

Some areas which have been highlighted by an LCS health-check have been:

  • Lack of suitable data backups and disaster recovery systems, meaning that ALL data held by the organisation is at risk of being lost forever.
  • Missing data access controls, which present the organisation with the very real risk that, should any data go missing, they will be liable for very large fines from the Information Commissioner’s Office under GDPR regulations.
  • Identification of single points of failure which would render an organisation’s IT systems inoperable for many days, or even weeks, should they fail. Understanding this allows suitable plans to be put in place in case the worst should happen.
  • Lack of suitable processes, such as locking users out of the systems once they leave the employment of the organisation.
  • Absence of key infrastructure documentation, highlighting over-reliance on the knowledge held in an individual’s head, and the potential impact to the organisation should that individual be hit by the proverbial bus.
  • Fundamental network design problems resulting in intermittent and inconsistent system access for users.
  • Mis-configured security settings giving all users access to key, personal data held on the systems. This is not only an issue for GDPR but poses all kinds of risks to staff morale, for instance when people start to find out, and share, how much another person is paid.