Image

View report PDF5.83 MB
Audit snapshot
What we reviewed and why
The increasing complexity of ICT environments and risk of cyber security threats reinforces the need for agencies to have clear visibility and understanding of their ICT assets. To protect these assets and meet the requirements of the South Australian Cyber Security Framework, all agencies need to establish and maintain ICT asset management controls.
We reviewed the ICT asset management controls applied by six SA Government agencies from a variety of sectors.
What we found
We had no major concerns with the ICT asset management practices of the agencies we reviewed. Their controls varied, and we did identify some areas to improve. Our key findings included:
- ICT asset scanning and discovery discrepancies
- gaps in documented ICT asset management procedures
- inconsistent management of ICT assets
- gaps in documented ownership and classification of ICT assets
- a lack of periodic review and monitoring of ICT assets
- gaps in ICT asset sanitisation and disposal.
Good ICT asset management controls
Image

Documented procedures for onboarding, managing and offboarding ICT assets
Image

Vendor service monitoring arrangements
Image

Well maintained centralised ICT asset registers, with owners and classifications listed
Image
