VIA University College was looking for a solution to ensure compliance within the IT department. The solution should be simple, yet flexible and support management of relevant IT general controls (ITGC). For VIA there were several critical success factors for the process of ensuring compliance within their IT department. The solution should enable VIA to administer multiple sites. Controls had to easily be altered or added. Time spent on controls should be reduced. The ISO 27001 standard on information security had to be followed, and last but not least, support a more effective audit process.
VIA University College is the largest of seven university colleges in Denmark counting 18,500 students and around 2,100 employees. VIA has eight campuses located in seven cities throughout the country. The institution offers a wide range of educational programmes within areas such as health, technology, business and fashion. VIA strive to be a leading institution, nationally as well as internationally. Servicing all the campuses with IT-infrastructure and software is a major and crucial task. At the headquarter, the IT department is running a number of periodic IT general controls to ensure that everything runs stable and secure. These are controls such as backup routines, checking up on the condition of the University’s multiple server rooms, reviewing access logs and periodic user reviews. Previously the controls were supported by access databases, spreadsheets, log books and emails, making the process rather complicated for auditors.
With an objective to achieve compliance within the IT department, and on the lookout for a solution to support VIA’s ambition to comply with the ISO 27001 standard, VIA turned to Impero. Since the implementation of Impero in the beginning of 2016, the process of performing IT general controls (ITGC) has been streamlined. Supporting mobile devices, controls are now performed anywhere and anytime – for instance in the server room when doing daily inspections. External auditors are now granted access to relevant documentation suiting their audit requirements. These steps have assisted VIA University College in achieving compliance within their IT department.