ISO 27001 Compliance and IT general controls (ITGC) streamlined at VIA University College

Ensuring compliance in the IT department

Introducing VIA University College

VIA University College is one of the larger university colleges in Denmark with 19,200 students enrolled and around 2,100 employees. VIA has eight campuses located in seven cities throughout the country. The institution offers a wide range of educational programs within areas such as health, technology, business, and fashion. VIA strives to be a leading institution, nationally as well as internationally. Servicing all the campuses with IT infrastructure and software is a major and crucial task. At the headquarter, the IT department is running a number of periodic IT general controls to ensure that everything runs stable and secure. These are controls such as backup routines, checking up on the condition of the university’s multiple server rooms, reviewing access logs, and periodic user reviews. Previously the controls were supported by access databases, spreadsheets, logbooks, and emails, making the process rather complicated for auditors.

Finding a flexible solution

VIA University College was looking for a solution to ensure compliance within their IT department. The solution should be simple, yet flexible and support the management of relevant IT general controls (ITGC). For VIA there were several critical success factors for the process of ensuring compliance within their IT department. The solution should enable VIA to administer multiple sites, controls had to easily be altered or added, and the time spent on controls should be reduced. The ISO 27001 standard on information security had to be followed, and finally, support a more effective audit process.

To meet compliance standards within the IT department, and on the lookout for a solution to support VIA’s ambition to comply with the ISO 27001 standard, VIA turned to Impero. Since the implementation of Impero at the beginning of 2016, the process of performing IT general controls (ITGC) has been streamlined. Supporting mobile devices, controls are now performed anywhere and anytime – for instance in the server room when doing daily inspections. External auditors are now granted access to relevant documentation suiting their audit requirements. These steps have assisted VIA University College in achieving compliance within their IT department.