The document summarizes a diagnostic service offered by SingerLewak called the I+Diagnostic. The diagnostic provides an objective assessment of a business's information systems to identify vulnerabilities and strengths. It examines areas like information security, disaster preparedness, employee behavior, IT planning, network architecture, information management practices, software usage, and IT staff capabilities. The diagnostic is performed through interviews, observations, analysis, and an assessment report with recommendations. It aims to help businesses leverage more value from their IT systems.
Build a Business-Driven IT Risk Management Program
I+Diagnostic Overview
1. I+ Information Management Services
SingerLewak’s I+DIAGNOSTIC
Helping Businesses turn IT into a Valued Asset
What is the SingerLewak I+Diagnostic?
The I+Diagnostic is a custom-tailored, risk-oriented, objective assessment of a business’
information systems.
This service is designed to give a company’s executive team candid feedback regarding
the strengths, weaknesses, and vulnerabilities in their business’ information systems – and
to give proactive, and risk-mitigating recommendations for improvement.
It is the first step in helping management leverage VALUE from IT.
Why should a business consider a SingerLewak I+Diagnostic?
Most businesses are vulnerable from the very state of their information systems, data,
policies and staff – and may not realize just how vulnerable their systems are.
In fact, most growing businesses are exposed in the areas of information protection,
disaster preparedness, and network/communication infrastructures – among other areas.
Executives desire that their IT environment provide control and value. Not chaos. Without
control, business leaders lose sleep, lose an edge, and often don’t know where to turn.
We’re here to help.
How is the Diagnostic performed?
1. Measure the “Tone from the top”:
We ask management what concerns them about their systems, software,
reporting, and IT staff.
2. Observation/inquiry/analysis:
We investigate the computing environment and staff in as many as 9 areas
(see attached).
3. Assessment Report to management:
We report to management, illustrating key observations, focusing on
vulnerabilities.
4. Action plan:
We develop a critical action path of specific recommendations to fix
vulnerabilities – and build a foundation for the future.
Continued…
2. SingerLewak’s I+Diagnostic
Continued from Page 1
Systems Categories covered by the I+Diagnostic:
The areas below comprise the categories we can look into when we perform an I+Diagnostic. Not
every category is assessed for every business – it depends on management’s objectives. Which of
these would be valuable to investigate in your company?
1. INFORMATION SECURITY – INSIDE AND OUT:
How secure is the business’ information from internet-borne threats?
Is the business’ sensitive data secure from harm, theft or misuse by employees?
2. DISASTER PREPAREDNESS:
Can the business information systems survive a natural or unintended “disaster”?
How long would it take to resume operations and systems resources?
3. EMPLOYEE DIGITAL BEHAVIOR = THREATS TO SENSITIVE INFORMATION:
Does the behavior of employees on the web, and in email, put the company at risk?
Are employees given too much freedom to access to systems and key information?
4. INFORMATION TECHNOLOGY PLANNING – AN ACHILLES HEEL, OR AN ASSET?:
Is IT strategy in harmony with the strategic business plan?
How well does management actually “manage” the IT function?
5. NETWORK ARCHITECTURE AND DESIGN:
Is the network effectively designed, and can it accommodate future needs?
Have the network design, configuration and practices been documented in
anticipation of intended (or unintended) changes and consequences?
6. INFORMATION MANAGEMENT PRACTICES:
Is data stored, organized, secured, retained, and destroyed prudently?
Is private data protected in a manner to satisfy regulatory compliance?
Is trade secret and confidential information adequately safeguarded from theft?
7. SOFTWARE, WORK FLOWS, AND THE USE OF INFORMATION:
Does the mix of business software deliver efficiencies now - and in the future?
Does the existing software support the business’ activities and work flows?
Is information provided to those who need it? Is it timely? Accurate? Valuable?
8. IT STAFF CAPABILITIES AND SUCCESSION PLANNING:
Are the IT staff and/or outside IT providers competent?
Are procedures in place to aid in any staff transition or loss?
Rick Mark, Senior Manager - Enterprise Risk Management Services
21550 Oxnard Street, Ste. 1000. Woodland Hills, CA 91367
T. 818.251.1323/ rmark@singerlewak.com
2