ICT Installations SurveyCase Study

Introduction

Ajilon was contracted by a client to conduct a survey of the engineering status, support processes and assurance of their client’s Information and Communications Technology (ICT) installations within their organisation. The reason for this survey was that the organisation had encountered a number of unexplained and unplanned system outages. Fault identification and recovery from these incidents had been hampered by previous uncontrolled and unrecorded equipment change activities and a lack of management processes in the equipment rooms, mainly due to the pressures of business operational priorities. The client required a report on the findings from the surveys and also an assessment of the availability and suitability of extant policy and guidance for the installation and support of installed ICT systems.

Guiding Policy, Rules and Procedures

It was agreed that the survey would be conducted at a number of disparate sample sites and would assess the veracity of extant processes for the installation and support of ICT systems and the compliance thereof in accordance with the following UK statutory, Ministry of Defence (MoD) - as perceived best practice, this was not an MoD organisation and not bound by MoD regulations - and other requirements including:

JSP 604 Leaflet 4800 (MoD Regulations for the Installation of ICT)

IET Code of Practise for Cyber Security

IET Wiring Regulations 17th EditionApplicable Health & Safety at Work Regulations and Guidance Notes

Applicable ISO and British Standards

Local Security PolicyLocal Rules and Procedures.

ajilon.co.uk

ajilon.co.uk

Methodology

Following the rules procedures and guidance provided in the above documentation enabled Ajilon engineers to assess the overall physical safety, basic cyber defence status and the overall management of ICT system installation.

The survey included the following:

Visual inspection of a sample of ICT representative installations to include: electrical cable management, supply and isolation arrangements, earth bonding arrangements, safety labelling, physical security of racks and installed equipment.

Thermal Imaging of electrical distribution boards to identify hot-spots.

Assessment of environmental conditions to include: lighting, heating, air-conditioning physical hazards and fire protection arrangements.

Assessment of basic security arrangements to include: physical protection and containment, security vulnerabilities and potential Electromagnetic Compatibility/Interference (EMC/EMI) issues. Assessment of change processes and associated records as follows:

Previous project information.

Change proposals and requests for design endorsement.

Design Endorsement.

Installation completion statements.

Certificates of installation conformance.

Additionally, Ajilon engineers assessed:

The availability of local policy and regulations for the design, installation, management and assurance of ICT systems.

The availability and accuracy of master drawing records.

The accuracy and validity of ICT cabinet electrical safety certificates.

Any local ICT outage and resilience issue reports.

The structure, size and competency of the local team to support ICT systems.

The availability of Risk Assessments.

Identification of ICT risk owners.

The Ajilon Engineering Team

The initial survey was conducted over a number of weeks by the most highly qualified and experienced Ajilon engineers who, by virtue of their service, training and expertise, were able to make a timely and accurate assessment of the overall compliance status of the sampled ICT systems and support processes. It enabled them to make recommendations, as required, for more detailed testing and inspection and any remedial activity required.

Reporting and Recommendations

Ajilon produced a report on the findings of the initial survey identifying significant non-compliances and provide recommendations for further survey work and associated remedial actions for each site surveyed. A gap analysis report was produced along with a proposed remedial action plan. An executive summary of findings and recommendations from all sites was also produced. These report enabled the client to identify and address significant non-compliances and allocate resources for rectification activities accordingly. Ajilon was able to recommend suitable contractors to carry out the remedial work. Furthermore, Ajilon engineers carried out follow-up surveys to verify compliance of the remedial work.

Ajilon also produced a draft policy and regulations document for the design, installation and assurance of the ICT systems surveyed.

ajilon.co.uk

Conclusions

The Ajilon surveys confirmed the concerns of the client; many of the sites had shortcomings and non-compliances in their ICT systems. Safety, security and resilience issues were most notable. Many of these failures were as a result of the absence of clear lines of responsibility, poor change control processes and inconsistencies in the installation standards of sub-contractors.

Ajilon addressed all these issues in their site narrative reports, gap analysis reports and proposed remedial action plans. The client is now able to identify resource and to prioritise the necessary work. Furthermore, based upon the policy and regulations document produced by Ajilon, they have introduced processes and procedures to assist in the management, control and configuration of their ICT systems in the future thus avoiding the reoccurrence of issues identified in these surveys.

ajilon.co.uk

Contact the Ajilon team today to find out how we can support your organisation

enquires@ajilon.co.uk

01438 344983