IT Checklist

Area
Access Control
Application Security
BCP/DR
Change Management
Data Backup and Retention
Desktop Security
General IT
Human Resources
Incident Management
Internet Security
Logging and Monitoring
Network Security
Patch Management
Personnel Security
Physical Security (Operations Unit)
Physical Security (Servers/Networks)
Risk and Governance
Security Awareness Training
Server Security
SLA Management
Total Result
Control (empty)
(a) the steps involved such as the process to determine the most appropriate selection of environmental controls; disaster reco
Restoration testing is done for servers as per the restoration process defined in backup process.
Access to backup system, tape library, safe for storing backup media is restricted to authorized personnel as documented in tap
Are procedures defined for transporting tapes; location of removable media storage; identification of individuals with authority
Are the backup are stored in Tapes.
Data encryption policy need to be shared with us
Interview the MS SQL Database Administrator for the following:
- Which version of MS SQL server is installed on production ser
Is Data encryption policy present. If yes then need to be shared with us.
Is Database is backed-up every day. The frequency of backup is defined and documented.
Is defalut port like1531 used for Dbreplication blocked?
Monitoring of backup activity is done by the technology team. System is configured to notify the team through alerts about ba
Offsite movement of backup tapes is done in accordance with the tape movement procedure to ensure tapes are adequately s
Organization has defined a backup policy and an approved backup process to ensure availability of critical data at all times.
reports and other information used for instance documentation of the business resumption plan; off-site and on-site storage lo
Retention period of electronic data is defined
Tape stored in DR location. Storing of all media in a secured, environmentally controlled location.
Testing readability of backups ensures that the data is not prematurely lost due to deterioration of the media or unidentified p
The entity's database management system includes an active data dictionary, which is automatically updated for any changes t
What steps are involved to define significant data within the entity- How is it ensured that data is stored in compliance with ap
Worn-out of tapes tracker need to be shared with us
mental controls; disaster recovery plan; protection for backup media from temperature extremes, magnetic fields and water damage; monit
onnel as documented in tape movement procedure (part of Backup Process)

of individuals with authority from management to access removable media; key/access card control; preventive measures against theft and
installed on production server- Whether DPAPI (Data Protection API) is configured for the installation- Are tables/views containing sensitiv
eam through alerts about backup failures.

sure tapes are adequately secured.
critical data at all times.
ff-site and on-site storage location with resumption location noted; map to off-site storage location; listing of users who are authorized by m
the media or unidentified problems in writing the data. The storage media that is generally used to store backups is prone to gradual degra
y updated for any changes to the database.
ored in compliance with applicable retention periods and destroyed thereafter using appropriate disposal methods - How stored data is ca
fields and water damage; monitoring of maintenance of environmental controls; hazards identified and the controls and countermeasures
ntive measures against theft and vandalism; identification of the environmental controls in place,
tables/views containing sensitive data encrypted using DPAPI- Check if the DPAPI (Data Protection API) is supported in the Windows install
of users who are authorized by management to access removable media and the governing security policies, including how they are used,
ackups is prone to gradual degradation as the physical material decays. Procedures should ordinarily be performed that identify possible m
methods - How stored data is categorized and labeled to associate with applicable retention period- What reports and other information a
e controls and countermeasures implemented; procedures for reporting and responding to emergencies, (b) reports and other information
upported in the Windows installation.- Check if encryptbykey and decryptbykey functions are used to encrypt and decrypt the sensitive da
es, including how they are used,
rformed that identify possible media degradation or improper creation of backups before an unacceptable amount of data is lost. Periodic
reports and other information are available for history of electronic records requested for litigation; job descriptions and responsibilities of
b) reports and other information used for instance documentation of environmental controls; materials documenting test results for the m
ypt and decrypt the sensitive data stored in the database.- Check whether monitoring of access to sensitive data is done regularly
amount of data is lost. Periodic scanning of the media, verification of the backup creation, or restoration of the data, will usually indicate w
scriptions and responsibilities of records custodian; including how they are used- What procedures are performed when exceptions are enc
cumenting test results for the monitoring equipment; reports and follow-up describing any computer outages or damage resulting from an
e data is done regularly
f the data, will usually indicate whether the data can be read. When media degradation is discovered, the stored data should immediately
formed when exceptions are encounteredInterview the MS SQL Database Administrator to understand the following:
- Are database files re
ges or damage resulting from an environmental hazard; documentation on the disaster recovery/business continuity plans, including how t
stored data should immediately be transferred to new media. When backups are improperly written, a procedure should exist to correct an
following:
- Are database files regularly backed-up and on what frequency.- Are transaction logs enabled.- Are transaction logs regularly ba
continuity plans, including how they are used
cedure should exist to correct and reperform the process. The policies, procedures, standards, and guidance regarding testing the readabili
Are transaction logs regularly backed-up or archived.- Where are the backed-up database files and transaction logs stored. Are the backed-
e regarding testing the readability of backups typically include:
- Frequency of testing- Timing of testing and verification- Business impact o
tion logs stored. Are the backed-up database files stored offsite. How frequently are they taken offsite- Is the completeness of backup chec
d verification- Business impact of availability of data- Assignment of responsibility- Documentation produced during testing- Assessment of
he completeness of backup checked.- Are periodic restoration of database files and transaction logs performed.B104
ed during testing- Assessment of adequate recovery of data If backups are not readable, required data may not be available when it is need
med.B104
not be available when it is needed.
APPLICATION & GENERAL IT CONTROLS
S No. Area Control Checks
GI01 General IT Are security policies defined and circulated?
GI02 General IT Are these policies accessible for all employees through
their intranet portal?
GI03 General IT Has management ensured that all organizational policies
are clearly communicated, understood and accepted by all
levels in the organization ? (The communication process
should be supported by an effective plan that uses a
diversified set of communication means)
GI04 General IT Is IT operations and management committee present to

oversee the IT function , administration and regulatory
controls?
GI05 General IT The Information Technology Steering Committee (ITSC)
comprises of how many representatives?
GI06 General IT Does committee include representatives from senior
management, user management and the IT functions?
There is a formal information security policy duly
approved by executive management (CEO).
GI07 General IT Are strategic plans ready for IT that align business
objectives with IT strategies ? The planning approach
includes mechanisms to solicit input from relevant
internal and external stakeholders affected by the IT
strategic plans
GI08 General IT Is Technology / Business Architecture Road Map (short

term and long term) present ?
GI09 General IT Is InfoSec / BCP Investment Plan in line with the business
plan?
GI10 General IT Is Technology Organization Structure ready to support the
plan
GI11 General IT has IT management defined information capture,
processing, and reporting controls including
completeness, accuracy, validity, and authorization to
support the quality and integrity of information used by
business users / stake holders.
HR01 Human Resources Is Background checks were being conducted for all
employees of organization
HR02 Human Resources Confidentiality document has been signed by all
employees of organization
HR03 Human Resources onboarding / offboarding document process present
HR04 Human Resources resigned employee's exit process like deltetion of genreic
ids, DL ownership implemented ?
HR05 Human Resources Is Cross Skilling function implemented succesfully ? :
Succession planning involves the training of staff who can
take over the function technical , managerial skill sets of
another team member. Cross training involves staff
learning several job functions so that each may have more
variety in their work and can fulfill a backup role for each
other.
HR06 Human Resources Compliance with employee performance appraisal policies

is monitored : - Performance appraisals should be done on
a regular basis by the HR and/or by higher level
management. This includes reviewing the appraiser's
written records, sitting in on appraisal interviews,
comparing employees' self appraisals with those of the
appraiser, and conducting concurrent, independent
appraisals.
Failure to monitor compliance with employee
performance appraisal policies may result in:
- Appraiser giving biased appraisals based on personal
feelings toward the employee rather than objective
performance criteria.
- Personnel may be placed in inappropriate positions
where they are over- or under-qualified. This results in
under utilization of resources or incompetence.
- If an employee receives an unfair negative appraisal, the
organization can potentially be exposed to legal liabilities.
- Inappropriate decision making may occur with respect to
personnel matters due to the lack of proper performance
evaluation.
HR07 Human Resources Formal or on-the-job training is provided to all personnel

within the computer processing environments based on
regular performance assessments and is monitored by
management.
PS01 Physical Security Biometrics Physical Access Controls were found to be in

(Operations Unit) place.
Is entry /exit register found for IN/OUT Asset movement
from Data Centre.
PS02 Physical Security Is Entry is also validated by Access card- What information
(Operations Unit) Access card contains
PS03 Physical Security Is Visitor is always accompanied by authorized personnel
(Operations Unit) from organization.
PS04 Physical Security Is Data centre and/or Data centre door access is not
(Operations Unit) guarded by Security personnel
PS05 Physical Security Are Serial Numbers of Laptops were not noted and
(Operations Unit) checked on entry and exit
PS06 Physical Security Is Data centre visitor register get maintained ?
(Operations Unit)
PS07 Physical Security Is latest entry /exit data found relavant for employees and
(Operations Unit) visitors ?
PS08 Physical Security User access review (physical access) is performed on
(Operations Unit) periodic basis to ensure access is restricted with
authorized individuals.
PS09 Physical Security Is Entry /exit register found for in/OUT Asset movement
(Operations Unit) from Data Centre.
PS10 Physical Security Reference manual should be available with DC team with
(Operations Unit) detailed steps to handle emergency exit
PS11 Physical Security Is Reference manual available with DC team with detailed
(Operations Unit) steps to handle emergency exit
PS12 Physical Security examining client documentation that the management
(Operations Unit) periodically monitors the effectiveness of the
environmental control mechanisms in accordance with
established policies and procedures
PS13 Physical Security Check reports for acquisition, maintenance and test of
(Operations Unit) smoke/fire detection and suppression mechanism, testing
reports , instructions for how they are used, the
procedures performed when unusual items such as non
working fire detection are encountered,
AC01 Access Control Each employee must use his unique user ID / password to
login to systems/servers/ networks
- Root access is provided only to IT custodians for
maintenance & administrative tasks.
- Access control matrix was not available for reference
AC02 Access Control Access control matrix should be present for reference.
AC03 Access Control What is role based access defined for L0/L1/L2/L3
employees
AC04 Access Control Management relies on possible role based segregation of
access control between production & development
systems, with in 24x7 operations environment.
AC05 Access Control Role based authenication shouldbe present
AC06 Access Control Are Controls implemented secured enough to prevent
unauthorized use, disclosure, modification, damage or loss
of data.
AC07 Access Control There is entity wide access control policy which includes
guidelines on effective password controls. This policy is
enforced on the IT system.
AC08 Access Control The IT system requires authentication of user access to
support the existence of the transaction. A security
standard framework has been developed to meet
requirements of ISO27001.
AC09 Access Control Is there process to review a list of active users to ensure
authorized and appropriate access exists.
AC10 Access Control Is there defined process for granting, modifying and
revoking access to IT systems.
AC11 Access Control Generic ids should not be used for logins
NS01 Network Security Complete Network architecture diagram for Data Centre
was available
NS02 Network Security Logging mechanism was available for all CLI commands
NS03 Network Security Router/Switches configuration having enable secret

password command
NS04 Network Security Service password encryption was enabled on
routers/Switches
NS05 Network Security Is CORE Switches having single SUP engine , RPR+ mode
enabled
NS06 Network Security The IT department has established perimeter security
controls through the installation of firewalls and intrusion
detection/prevention systems to prevent unauthorized
access.
NS07 Network Security IT security administration along with respective teams

monitors and logs security activity (such as unsuccessful
login attempts etc.) at the operating system, application
and database levels and identified security violations are
reported to senior management as a part of ongoing IS
Incident Management Process.
NS08 Network Security System infrastructure, including firewalls, routers,

switches, network operating systems, servers and other
related security devices, are properly configured (ACLs,
Static IPs etc.) to prevent unauthorized access.
NS09 Network Security Accordingly, network and communication software affects

the speed and availability of communication among
application systems, data storage, and users on the
network it supports. Failure to implement network
components properly may result in increased network
downtime and/or reduced communication speeds.
Frequently, management’s intentions for implementation
of network and communication software are documented
in the entity’s information system plans and/or budgets.
NS10 Network Security Network devices are used to protect SAP R/3 servers from
unauthorized access. Appropriate packet filtering is
configured to protect SAP R/3 servers from theuser
community.
NS11 Network Security Network subnets are implemented such that SAP R/3
production servers are on a logically separate subnet.
NS12 Network Security A formal methodology or process is used to guide the
acquisition, development or maintenance of hardware,
application systems, network and communication
software and systems software.
PM01 Patch Management Is Patch management policy in place
PM02 Patch Management Desktop patches are pushed through a centralized server.
PM03 Patch Management Server patches are first tested in a test server and then
deployed on production.
PM04 Patch Management Sample records for server patch management were
presented during the audit.
PM05 Patch Management There is a defined patch management process which
guides the team through for implementation of Normal &
Emergency patches on Desktops, Servers, Network,
database,firewalls and Voice gateways, EPBXsystems.
DS01 Desktop Security Desktop security policy is in place.

DS02 Desktop Security Desktop security is centrally handled. It Includes:
- Domain controller
- AV updates
- Local admin
Unauthorised software etc
DS03 Desktop Security The administrator ID (Desktops) is restricted to the IT

personnel which prevents installation of unauthorized
software by user. The access configuration at user level
restricts accessing unauthorized programs, internet and
software and modifying current configuration.
DS04 Desktop Security Multiple levels of virus protection are implemented on

internal servers, desktop, laptops. Different Antivirus
tools are used for Gateway level and Internal Scanning.
DS05 Desktop Security Antivirus status report are generated from antivirus
system and exceptions are identified, researched and
corrected.
DS06 Desktop Security Policies and procedures related to the checking for
viruses before being loaded onto the entity's system and
checks related to the loading of anti virus software on all
entity's computers and on any computer that is allowed to
connect to the entity's network
DS07 Desktop Security Reports regarding actual results of virus scans and other
information used, including how they are used,
DS08 Desktop Security the procedures performed when unusual items such as
detected viruses are encountered,
DS09 Desktop Security Obtain evidence that corroborates the responses to our
inquiries by examining results of virus scans that the
control activity was performed in accordance with
established policies and procedures.
DS10 Desktop Security Reports of virus scan results and other information used,
including how they are used,
DS11 Desktop Security The procedures performed when exceptions such as
undetected viruses, or unusual items are encountered and
how a follow up is performed,
DS12 Desktop Security Users are required to update the virus signature lists
within their anti-virus software and scan all external
programs and data before downloading to their computers
DS13 Desktop Security The steps involved such as frequency and timing of
updates; authorized source for updated virus signature
list; virus signature update notification process; vendor
support for anti-virus software,
DS14 Desktop Security reports and other information used for instance
agreement with anti-virus software vendor; news releases
from vendor announcing updates, including how they are
used
DS15 Desktop Security Maintaining an inventory of software, proof of ownership

for all licensed software, approval of software used by
management, periodic reviews of software use versus the
inventory documentation, action taken when unapproved
or unlicensed software is in use.
DB01 Data Backup and Organization has defined a backup policy and an approved
Retention backup process to ensure availability of critical data at all
times.
DB02 Data Backup and Is Data encryption policy present. If yes then need to be
Retention shared with us.
DB03 Data Backup and Are the backup are stored in Tapes.
Retention
DB04 Data Backup and Retention period of electronic data is defined
Retention
DB05 Data Backup and Data encryption policy need to be shared with us
Retention
DB06 Data Backup and Access to backup system, tape library, safe for storing
Retention backup media is restricted to authorized personnel as
documented in tape movement procedure (part of Backup
Process)
DB07 Data Backup and Offsite movement of backup tapes is done in accordance
Retention with the tape movement procedure to ensure tapes are
adequately secured.
DB08 Data Backup and Tape stored in DR location. Storing of all media in a
Retention secured, environmentally controlled location.
DB09 Data Backup and Monitoring of backup activity is done by the technology
Retention team. System is configured to notify the team through
alerts about backup failures.
DB10 Data Backup and Worn-out of tapes tracker need to be shared with us
Retention
DB11 Data Backup and
Retention Restoration testing is done for servers as per the
restoration process defined in backup process.
DB12 Data Backup and Are procedures defined for transporting tapes; location of
Retention removable media storage; identification of individuals
with authority from management to access removable
media; key/access card control; preventive measures
against theft and vandalism; identification of the
environmental controls in place,
DB13 Data Backup and reports and other information used for instance
Retention documentation of the business resumption plan; off-site
and on-site storage location with resumption location
noted; map to off-site storage location; listing of users who
are authorized by management to access removable media
and the governing security policies, including how they are
used,
DB14 Data Backup and What steps are involved to define significant data within
Retention the entity
- How is it ensured that data is stored in compliance with
applicable retention periods and destroyed thereafter
using appropriate disposal methods
- How stored data is categorized and labeled to associate
with applicable retention period
- What reports and other information are available for
history of electronic records requested for litigation; job
descriptions and responsibilities of records custodian;
including how they are used
- What procedures are performed when exceptions are
encountered
Interview the MS SQL Database Administrator to
understand the following:
- Are database files regularly backed-up and on what
frequency.
- Are transaction logs enabled.
- Are transaction logs regularly backed-up or archived.
- Where are the backed-up database files and transaction
logs stored. Are the backed-up database files stored offsite.
How frequently are they taken offsite
- Is the completeness of backup checked.
- Are periodic restoration of database files and transaction
logs performed.B104
DB15 Data Backup and Interview the MS SQL Database Administrator for the
Retention following:
- Which version of MS SQL server is installed on
production server
- Whether DPAPI (Data Protection API) is configured for
the installation
- Are tables/views containing sensitive data encrypted
using DPAPI
- Check if the DPAPI (Data Protection API) is supported in
the Windows installation.
- Check if encryptbykey and decryptbykey functions are
used to encrypt and decrypt the sensitive data stored in
the database.
- Check whether monitoring of access to sensitive data is
done regularly
DB16 Data Backup and Testing readability of backups ensures that the data is not
Retention prematurely lost due to deterioration of the media or
unidentified problems in writing the data. The storage
media that is generally used to store backups is prone to
gradual degradation as the physical material decays.
Procedures should ordinarily be performed that identify
possible media degradation or improper creation of
backups before an unacceptable amount of data is lost.
Periodic scanning of the media, verification of the backup
creation, or restoration of the data, will usually indicate
whether the data can be read. When media degradation is
discovered, the stored data should immediately be
transferred to new media. When backups are improperly
written, a procedure should exist to correct and reperform
the process. The policies, procedures, standards, and
guidance regarding testing the readability of backups
typically include:
- Frequency of testing
- Timing of testing and verification
- Business impact of availability of data
- Assignment of responsibility
- Documentation produced during testing
- Assessment of adequate recovery of data
If backups are not readable, required data may not be
available when it is needed.
DB17 Data Backup and (a) the steps involved such as the process to determine
Retention the most appropriate selection of environmental controls;
disaster recovery plan; protection for backup media from
temperature extremes, magnetic fields and water damage;
monitoring of maintenance of environmental controls;
hazards identified and the controls and countermeasures
implemented; procedures for reporting and responding to
emergencies, (b) reports and other information used for
instance documentation of environmental controls;
materials documenting test results for the monitoring
equipment; reports and follow-up describing any
computer outages or damage resulting from an
environmental hazard; documentation on the disaster
recovery/business continuity plans, including how they
are used
DB18 Data Backup and The entity's database management system includes an
Retention active data dictionary, which is automatically updated for
any changes to the database.
DB19 Data Backup and Is defalut port like1531 used for Dbreplication blocked?
Retention
DB20 Data Backup and Is Database is backed-up every day. The frequency of
Retention backup is defined and documented.
CM01 Change Management Controls provide reasonable assurance that system
changes of financial reporting significance are authorized
and appropriately tested before being moved to
production.
CM02 Change Management Is there is formal and documented change (program

changes and system changes) management process, which
includes change controls around change initiation,
approval, tracking and testing thereof.
CM03 Change Management Emergency change requests are documented and subject
to formal change management procedures. Emergency
changes are supported by adequate documentation.
CM04 Change Management There is adequate segregation of duties between

development staff and the staff responsible for moving a
program into production.
CM05 Change Management Changes are made in a controlled and restricted

environment.
CM06 Change Management Changes are carried out after analysing of change
management request through intranet portal.
CM07 Change Management Is change management policy in place.
CM08 Change Management Changes implementation and expiration dates being
tracked.
CM09 Change Management User Acceptance testing (UAT) is carried out by business
team for changes made in the existing application.
CM10 Change Management Are Changes once done are recorded through intranet
portal for future reference.
CM11 Change Management Changes are discussed and analyzed in pre -Change
Advisory Board (CAB) meeting
CM12 Change Management Are Changes are approved by Change Advisory Board
(CAB)
CM13 Change Management What are the procedures performed when no management
approval has been given, ,how the control activity is
performed in their absence, and any changes to the control
activity during the period of intended reliance, including
changes in the individuals who perform the activity. Obtain
evidence that corroborates the responses to our inquiries
by examining client documentation e.g. documented and
approved contingency plans, that an enterprise-wide
business continuity plan and results of tests of the plans
have been prepared and approved by management in
accordance with established policies and procedures.
CM14 Change Management Controls provide reasonable assurance that system
changes of financial reporting significance are authorized
and appropriately tested before being moved to
production.
CM15 Change Management All Security approval in place for IT related changes.
CM16 Change Management any changes to the control activity during the period of
intended reliance, including changes in the individuals
who perform the activity.
CM17 Change Management Is Proper management approval process in place.
CM18 Change Management Obtain evidence that corroborates the responses to our
inquiries by examining information systems purchases
and evidencing documents that the approval of
management was given in accordance with established
policies and procedures.
IM01 Incident Management Incidents are tracked through intranet portal for future
reference.
IM02 Incident Management RCA report to be checked during audit.
IM03 Incident Management Significant IT events or failures ,Security breaches, major

system failures, etc. to be reported in a timely manner to
all business stakeholders & senior management.
IM04 Incident Management Incident management policy in place. Is there process

defined for the Incident Management
IM05 Incident Management Root cause analyses of all the incidents are done and
appropriate corrective and preventive action is taken
IM06 Incident Management All major security incidents in the organization are
centrally reported to the Information Security Group
(InfoSec) team, who in-turn use the information security
incident management process and engage with the
respective functions in the organization, depending upon
the source and impact of the incident
LM01 Logging and Check if OS & DB Auditing are enabled for servers.
Monitoring
LM02 Logging and Are notification incidents reported through log

Monitoring monitoring.
LM03 Logging and Audit logs are not reviewed with the help of automated
Monitoring software. (eventlog analyser)
LM04 Logging and Are Real time alerts are configured for critical events .
Monitoring
SS01 Server Security Vulnerability assessment and Penetration testing reports
were available during the audit with all findings closed ?
SS02 Server Security Secure Configuration document for VA not present during
Audit.
SS03 Server Security Performance of computer processing environment is
monitored typically through the measurement of the time
it takes for the system to perform various tasks or run
certain programs. Capacity utilization measurement
typically involves the comparison of the use of a resource
to the finite limit that it may be used. Some examples are:
(1) disk capacity used; (2) network traffic; and (3)
processor utilization. Often there will be a relationship
between capacity and performance; as remaining capacity
decreases performance levels degrade. This is typically a
slow degradation that rapidly worsens as the maximum
capacity is approached. Poor performance may also be a
result of capacity factors as well as poor application design
or data fragmentation. Regular reviews of performance
and capacity utilization should be performed to ensure
that progressive capacity problems are addressed before
they have a material effect on performance. Where
performance is poor and capacity does not appear to be
the cause, other areas can be investigated to establish the
cause. Without performance and capacity monitoring,
problems may not be easily corrected and may cause
systems to fail.
AS01 Application Security Are the System being tested ,validated before placed into
production ?
AS02 Application Security Interfaces with other in-scope systems are tested to
confirm that data transmissions are complete, accurate
and valid. Example - records are accurate and valid.
AS03 Application Security If assessment was done and number of high and medium
findings found closed?
AS04 Application Security Is manual appSec done post scanning report ?
AS05 Application Security Application security testing reports were available during
the audit
AS06 Application Security Application testing calendar for critical applications was
clearly defined ?
AS07 Application Security User acceptance testing is also carried out to ensure that
deployed systems are operating as intended.
AS08 Application Security Application controls (input, output and processing
controls) that support complete, accurate, authorized, and
valid transaction processing are considered and captured
during detailed design phase.
AS09 Application Security Batch and on-line processing procedures are defined to
ensure that jobs and/or transactions are processed to
normal completion or are recovered and reprocessed.
proprietary software developed, maintained, and operated
by an outsourced vendor. Depending on the source of an
application, control activities related to the
implementation of application systems will vary. However,
control activities should ordinarily include testing the
system to ensure that it functions as inte
AS10 Application Security In many cases, data will need to be copied and converted
from the old application system to the new application
system. Control activities should be implemented to
ensure that the data in the new application system is
complete, accurate, and valid. These activities may include
removing invalid and erroneous data from the existing
data before or during conversio
AS11 Application Security Testing is done for all application roll-outs and significant
changes in applications and infrastructure. Testing is
usually Functional and User Acceptance.
AS12 Application Security Are associated controls operate as intended and support
financial reporting requirements.
IS01 Internet Security Internet connection is given only as per need basis.
Security control measures are found to be in place
IS02 Internet Security Typically, changes to existing application systems should

undergo an evaluation, authorization, and implementation
procedure to ensure they have the intended effect and
minimize user disruption.
IS03 Internet Security changes might be rolled out to the smaller and less critical
processing locations first. Also, care should be taken to
provide the capability to revert to the prior version of the
software if the modification does not perform as
anticipated. Because application systems may require
emergency modifications to resolve processing errors,
special procedures should provide for subsequent review
and testing of emergency changes to ensure that they
function in a manner that is consistent with management’s
intentions. I
IS04 Internet Security Are content filtering applied on proxy servers ?

IS05 Internet Security Is logging mechanism available to generate per user / per
domain report ?
PSY01 Physical Security Hostnames on devices were labelled properly.
(Servers/Networks)
PSY02 Physical Security Has All patch cords has been tagged correctly.
(Servers/Networks)
PSY03 Physical Security CCTV cameras installed.
(Servers/Networks)
PSY04 Physical Security Is Back upto 90 days was available & BMS personnel.
(Servers/Networks)
PSY05 Physical Security Can videos be presented last 30 -60 days (as per defined in
(Servers/Networks) IT-Security policy).
PSY06 Physical Security Servers & network racks were open with keys placed on
(Servers/Networks) doors itself
ST01 Security Awareness Security awareness sessions/ mailers sending on regular
Training basis .
ST02 Security Awareness Vendors who handles organizational data centre doesn’t
Training have access to these mailers. Are Vendors been educated
through security mailers/ sessions.
ST03 Security Awareness Are Security mailers should be maintained for records.
Training
ST04 Security Awareness Security department should include their presentation
Training during induction of employees
PS01 Personnel Security Whenever employee or vendor resigns , How is their
server/Network devices/data centre access termination
process takes place?
PS02 Personnel Security How Resignation of employees OR Termination of
employees process is being handled
PS03 Personnel Security Is Backgroundcheck policy in place ?
BP01 BCP/DR Is Business continuity plan is documented and it is
approved by the management.
BP02 BCP/DR DR drills are periodically done. Are reports for the same
mantained ?
BP03 BCP/DR The steps involved such as business impact assessment;
teams including users and information systems staff to
develop, test, update and maintain the business continuity
plan; change management of plan; training procedures,
BP04 BCP/DR Understand and document the policies and procedures

related to the fact that an enterprise-wide business
continuity plan has been prepared and approved by
management
BP05 BCP/DR The Organization has an independent internal audit

function that is responsible for reviewing and auditing the
IT activities and controls. Other than the periodic audit,
there is a follow up validation exercise conducted on
quarterly basis to assess the improvement, mitigation and
progress of agreed action items. This also includes the
review of pertinent third party service providers in IT.
BP06 BCP/DR Inventory of backup; error log for backup testing;
documentation of problems and resolution, including how
they are used, the procedures performed when
unreadable backups are encountered, how the control
activity is performed in their absence, and any changes to
the control activity during the period of intended reliance,
including changes in the individuals who perform the
activity.
SM01 SLA Management It is recommended that service level agreement should be

available clearly defining scope of work & escalation
matrix between two parties
SM02 SLA Management Is Service level agreement is ready and communicated to
all the stake holders
SM03 SLA Management Service levels are defined and managed in a manner that
satisfies financial reporting system requirements and
provides a common understanding of performance levels
by which the quality of services will be measured
SM04 SLA Management Service Levels ,roles and responsibilities are defined by
means of a service agreement between Client X and its
business partners/ external vendors / Internal Clients.
SM05 SLA Management IT operations monitor service delivery for key business
operations on a monthly basis and there are Quarterly
Business Review Meetings wherever requested by clients.
SM06 SLA Management Are adequete Controls presnt to insure that third-party
services are secure, accurate and available in business
hours
SM07 SLA Management Are third party vendors/ business partners/ channel
partners support data processing in terms of integrity ,
authorization, authentication and performance.
SM08 SLA Management Service levels are monitored, reviewed and reported by
designated individuals as applicable.
SM09 SLA Management An annual review is performed by external auditors of
third-party application service providers to ensure
security, integrity and availability of data.
SM10 SLA Management The steps involved such as comparison of proposals
received, requirements met, and the proposal excepted;
assessment of vendor past performance; approval
authority required for different expenditure amount and
type of purchases; process to ensure that all outsourcing
vendors are approved,
SM11 SLA Management Reports and other information used for instance samples
of outsourced vendor selection documentation (proposals,
responses, contracts); sample of vendor performance
tracking, including how they are used,
SM12 SLA Management The procedures performed when unacceptable risks are
encountered,
SM13 SLA Management Reports and other information used for instance
documented impact analysis and supporting documents
outlining recovery strategy; documented results of
exposures and risk assessment; minutes of meetings on
contingency plans; contracts related to contingency plans,
including how they are used
RG01 Risk and Governance The IT Organization works along with the InfoSec, who is
responsible for establishing the entity level and activity
risk assessment framework. This risk assessment exercise
is conducted on an annual basis. Residual risk is reviewed
and approved by management.
RG02 Risk and Governance The risk assessment methodology covers a periodic
review of critical areas with the management through an
established management security forum, which is
represented cross functionally by Information Security
Group, Technology, HR and Business Operations. This
forum reviews, brainstorms and plans the direction based
on previous audit assessments and emerging business
dynamics, using a Risk Probability Equation and its
applicability.
RG03 Risk and Governance Is Risk asseement performed to identify an appropriate

and cost-justifiable information security architecture
,which includes valuation of business information
resources and identification and assessment of the levels
of risk present .
RG04 Risk and Governance Reports and other information used for instance
information security architecture and recent changes;
security policy; risk analysis; records of communication
between security officer and affected parties; audit reports
and evaluation of security; list of recently implemented
application systems, including how they are used.
RG05 Risk and Governance The procedures performed when the risk assessment is
not periodically updated; management did not review the
information security architecture.
RG06 Risk and Governance list of recently implemented application systems and
business continuity plans that the risk assessment was
performed in accordance with established policies and
procedures.
Existing Control Description Control Owner
Security policy are defined but not circulated through intranet portal Amit Ji
of the company "intranet.msumindia.com". It is accesable to all
employees.
Yes Amit Ji
???
Details with minutes
No Such commmittee
No Such commmittee
No such document avaiable
documents
documents
documents
The company has defined IT Policy and Procedure and accordingly all
processes and repoting are controlled.
HR
HR
HR
Yes HR
HR
HR
HR
No, sisha khula hai
No, sisha khula hai
Yes
No Security guard is required as Data Centre is after the office of IT
No Serial number were noted at Gate\
Maintained
yes, in data centre register

Hardware team member Mr. Narendra Singh use to check on random
basis on perodic interval. One person is covered atleast in one month
span.
yes
to be prepared
to be prepared
not such policy defined. Though company has Information

Technology Policy and Procedures which over few part of
environmental control mechanism but no documentation for testing
has been recorded.
to be provided
It is in place in IT Policy. Refer page no. 51 onwards
to be looked into

Yes but not adequate
Yes
to be check
Documentation rqeuired
Yes in IT Policy
No
yes
to be tested by Shubham
Gateway Firewall : Fortinet and user level Firewall : symentec and

Fortinet "End Point Security"
yes
configuration chart
yes
yes, control through port filtering from firewall and sap router.
use 255.255.255.0 subnetmask for sap servers
Yes in IT Policy
No Policy defined
NO
as per standar, no patch directly load on prd server.
on desktop, patch directly upload on desktop. Firewall patch upload

when release. For sap server we check if patech is required, then
upload.
Yes in IT Policy
yes
yes
yes (firewall antivirus and destop anti virus) Fortinet and Fortinet
client, norton antivrus
yes
Yes in IT Policy
yes
Yes in IT Policy
yes
Yes in IT Policy
Yes in IT Policy ( IT Network person check regularly)

monthly
all License software use in company
yes in IT policy
yes, define when we maintain mail on mobile, google data encrytion

policy load then u can access mail.
backup on external hdd
Desktop / Laptop Back up - overwritting files - big issue
yes in IT policy
yes in IT policy
Yes in IT policy
yes
Yes Backup Register
yes - in IT policy tested on 14 feb.
yes in IT policy
yes in IT policy , IT head and Network Eng. Is authorized
We maintain realtime backup on DR server, for offline, we maintain

complete backup on HDD, we maintain off line backup 3 month. After
3 month offline backup overwrite..
All data proteded in Encryted form, Encrypt and decrypt nly when
the data backup or retreive. This is stanrdard in sybase & oracle
functionalaty
every qtr we upload the prd data in quality server., previously 14 feb
we upload the data, now in this week, we upload the data from prd to
quality.
yes
yes
yes first develop the program in development server, then tested in
quality server and after test by user, system transfer on prd server.
yes
yes
yes only (Ithod) user can transfer the request on prd server.
yes
no through mail and physical doc.
yes in system
confirm on mail
no,
Change discuss with request user, and aproval of related department

head.
no advisory board available, Change discuss with request user, and
aproval of related department head. If required, approval by CEO sir
Change request register

yes change request register

yes in IT policy
yes in It policy
Yes in IT Policy
Yes in IT Policy
yes in IT Policy
as discussed
for future we maintained

not satisfied
yes
yes, without accurate data not transfer in other system,
yes
yes
not applicable, only salary and wages voucher transfer in sap through
bdc
yes
yes
yes in IT policy
yes in IT policy
yes defines as procedure
per user report available
yes
yes
installed in company, but not in datacentre
yes
yes - 15 days cctv backup available
datacentre room and server lock with keys
yes
mail training session continous run
last 3 days maintain
yes in IT policy
yes
yes in IT policy, we maintain in this manner : we use san storage,

maintain , data mirroring, realtime backup, daily offline backup
Daily log check
DR Server using : Realtime date transfer
no
Yes in IT policy
Yes
Yes in IT policy
Yes
yes maintain call register
yes
yes
yes
no
yes in IT policy
yes in IT policy
Yes in IT policy
Control Type
Entity Control (Preventive/De Test Procedure Observations
(HO/SBU) tective)
required required
no such committee
required
required
required
required required
Documentation rqeuired Documentation rqeuired

Sunday Sunday
Sunday
Risk Recommendations
(High/ Medium/ Low)
sno MODULE USER
1 MM ANIL LATH
2 MM SANJEET
3 MM SUBHASH
4 SD CMO
5 HR MANIPAL
6 SD CMO
7 MM RAMESH SHARMA
8 MM ANIL LATH
9 MM ANIL LATH
10 MM ANIL LATH
11 MM ANIL LATH
12 MM ANIL LATH
13 MM HASMUKH PATEL
14 MM RAMESH SHARMA
15 SD HASMUKH PATEL
16 MM SANJEET
17 PM ELECTRICAL TEAM
18 MM VIPIN
19 SD CMO
20 MM KAMAL
21 SD SUNIL
22 PP SUDIP MONDAL
23 MM TAPASVI
24 PP SUDIP MONDAL
25 PP SUDIP MONDAL
26 SD RAJA RAM
27 QM TQM
28 MM SANJEET
29 QM TQM
30 MM ABHISHEK
31 MM ABHISHEK
32 PP NAVEEN
33 PP NAVAL
34 PP NAVAL
35 PP NAVAL
36 PP INDARJEET DHAIY
37 PP MANISH JOSHI
38 PP KAPIL
39 PP SUDIP MONDAL
40 PP NAVEEN
41 MM VIPIN
42 SD
43 SD SANJEET
44 SD MANOHAR
45 SD
46 PP NAVEEN
47 PP NAVEEN
48 PP NAVEEN
49 SD BRIJESH
50 SD SANJEET
51 SD MANOHAR
52 PP SUDIP MONDAL
53 PP RAVI RANA
55 MM RAMESH SHARMA
56 SD AMIT SHARMA
57 SD MANOHAR
58 HR NITIN LADDA
59 SD RAJA RAM
60 SD VIPIN
62 PP KAPIL
63 PP MP GAGAR
64 PP SUNIL
65 PP SOHAN
66 PP SUDIP MONDAL
67 PP NAVEEN
68 PP SOHAN
70 MM SANJEET
71 PP SUNIL
72 MM SANJEET
73 BASIS AMIT SHARMA
74 FI HASMUKH PATEL
76 MM SUNIL
77 SD CMO
78 SD CMO
79 SD CMO
80 MM RAMESH SHARMA
81 MM RAMESH SHARMA
82 SD CMO
83 SD CMO
84 SD RAJA RAM
86 PP
87 SD RAJA RAM
88 FI PINKESH JI
90 MM RAMESH SHARMA
91 FI CFO
92 SD CMO
94 FI ANKUR
99 MM RAMESH SHARMA
100 SD CMO
101 PP NAVAL
103 FI HASMUKH PATEL
104 MM HASMUKH PATEL
107 SD CMO
108 PP AMANDEEP
109 SD MANOHAR
110 MM RAMESH SHARMA
112 SD VIPIN
113 SD VIPIN
115 FI PINKESH JI
122 PP SUDIP MONDAL
123 PP SANJEET
124 FI PINKESH JI
125 PP SANJEET
126 SD MANOHAR
127 SD POOJA
128 SD POOJA
129 SD TAUFEEQ
130 SD TAUFEEQ
132 SD POOJA
133 SD POOJA
134 PP NAVEEN
135 PP SANJEET
136 PP IQBAL
137 PP PPC TEAM
138 PP MAHENDER
139 SD TAUFEEQ
140 SD CMO
142 MM KAMAL
143 SD CMO
144 PP SUNIL
145 SD TAUFEEQ
147 PP RP SINGH
148 PP NAVEEN
149 SD CMO
150 SD TAUFEEQ
151 SD TAUFEEQ
155 PP NAVAL
156 PP SUDIP MONDAL
158 PP SHAILENDER
159 SD MANOHAR
160 PP
161 PP
163 SD MANOHAR
164 SD MOHIT
165 SD SUNIL
167 PP SOHAN
168 PP IQBAL
169 MM SANJEET
170 PP IQBAL
171 PP IQBAL
172 PP
173 PP IQBAL
174 PP NAVAL
175 PP NAVEEN
176 PP SOHAN
177 PP NAVEEN
178 SD SUBHASH
181 PP SUDIP MONDAL
182 SD VIPIN
183 SD MANOHAR
184 PP
187 BI VCENTRIC BI TEA
188 SD MANOHAR
189 SD ANKUR
190 SD
195 SD
196 SD
197 SD POOJA
198 PP SOHAN
199 PP NAVAL
200 SD MANOHAR
201 SD HASMUKH PATEL
203 SD POOJA
204 PP SUNIL
205 SD
206 SD
207 PP RAM ASHIS
208 MM ANIL LATH
211 SD
215 PP SHAILENDER
216 SD CMO
217 SD RAJA RAM
219 SD SUBHASH
220 SD MANOHAR
221 SD
222 SD SALES TEAM
223 SD
226 FI POOJA
227 SD CMO
228 SD CMO
229 SD CMO
232 PP SOHAN
233 PP SOHAN
234 SD MANOHAR
236 PP TQM
237 PP IQBAL
238 PP INDARJEET DHAIY
239 SD MANOHAR
241 SD AMIT SHARMA
242 PP IQBAL
243 PP IQBAL
244 SD
245 SD
246 MM ANIL LATH
247 PP
248 PM ELECTRICAL TEAM
249 PP
251 SD TQM
252 SD
254 SD SOHAN
255 SD
256 SD
257 PP RAVI RANA
258 PP SOHAN
260 QM TQM
262 SD
263 SD
264 PP RAVI RANA
265 MM KAMAL
267 PP
268 PP IQBAL
269 MM PINKESH JI
270 FI SANJEET
271 MM N K KABRA
272 SD
273 SD
274 PP TAUFEEQ
275 PP RAM ASHIS
276 PP RAM ASHIS
277 SD
278 PP
279 PP IQBAL
280 PP SANJEET
283 FI SANJEET
284 SD
286 MM AMIT SHARMA
287 MM PINKESH JI
Particular of Task
Change in Zprprint Report
New Budget assign at the time of PR creation.
Create The Data for MSUM Group Insurance Policy.
Set Payment Status Folio manager wise
Change the software of Finger Punch Machine
Changes in ZCUSTINTN
Changes in GP print
changes in PO print
Changes in Domestic INV print
Changes in PR print
Change in Purchase Order Print
Change in Purchase Order
Create a New Report Raw Material Vendor Evaluation
Change in Gate Pass Report
Changes in ZCHQ
Changes for PR budget
Changes for BDC for IP02
Changes in ZRMVEND
Changes in Sample INV
Prepare Entry for BIN For Old packed Bale in poplin Business
Change in Packing Slip For dispatch in SS division
Change in Sizing Production Entry , Swapping Net wt to Gross wt
Changes in automail for PO
Smartform for loom card
Driver Program for loom card
Change Export Fabric in SS division
Change In Quality Testing For Dyelot
Change in material Ageing report
Change Quality Testing Printout
Add new field in mb51 output screen
Add new Selection Field in MB51
Add 20 New entry field for ZFOLDPC for poplin entry (pc wise entry screen)
change in Zmmbe Report :
multiple section of Sale order and batch , batch last good recipt date
change in Dyelot Wise Jobcard
change in ZSOSTATUS report
change in ZPSPIN ,ZPSTOCK report for dynamic add new mixing line
change in handover takeover document printout
change in sort design mater
Add new store location of Old weaving yarn godown
Generate new Report of Folding selection
In Raw Material Department Add New Mixing Code (55D)
KPMG Auditors Query
report checking zmatpr ,mb51(difference)
checking the scenario of yarn export
auditors
Change in ZFODLING INSPECTION report
Remark fill during Dyelot confirmation in folding team for POP LIN
due to batch classifcation three bale stop during ims posting
clear of sale order released status in poplin business
Reco of Zmatpr Vs. GL & Mb51
Changes in ZRETURN
Changes in Loomcard smartform
Prepare report of dyelot in plan vs actual cost with dye material (fresh, addon ,rework ) wise with Curren
Change In Gate In Out Process
Return Invoice Gate Pass Entry only generated after creation of return SO.
Create New Payment terns
Upload SPF Data year 1617
zreturn smart form copy control
scrab sales vat value added in conditon record
Prepare loom card with detail of Sort master
Add finish delivery in Znprocess
Change in zbstc
Add chagne ZDLOTINS1 Captcher checker name and display in mb51
Loom card printout prepared and given to user testing
Barcode printout problem
New Barcode page format create , device type , barcode type
changes for budget while PR
changes for GP for poplin
Change In PR Budget
Create a New User And Assign the Role
accounting entry posting in f-28 error
changes for GP converting poplin GP for all dept
changes in ZPAYINFO
changes in ZPAYINFOR
Add new line in all smartforms of sale order " No claim accpected after 90 days of invoice (Receivable G
Change In Gate Report
Change In Gate Entry
Change in Folio Manager wise Payment Information
trading return process error
smart form testing
non moving stock transfer to inspection for pack
Program to allow changes in already set status
Changes in yrecon
Personal Vehicles gate entry
create new report of invoice payer and fi payer variance(Receivable Governance)
In return sale must block after 90 days after invoice creation(Receivable Governance)
Change in Vat 07 Report
Report for new entry details at gate
Report for status of return SO after 30 days of creation
Change in zopenbale of planning by ppc with min max stock
Error In F-48 Vendor Advance Payment Discount Amount Not Show
Error in Migo( Inter Plant Transfer Purchase order & Sales Order Plant are Different)
new gl created for job work process
Generte new program for upload sale budget For ims team
Add new work center in bleaching stage
due to sale team create incomplete invoice of yarn created problem during GRN
Changes in return GP
MIGO vs GATE check report
scrab sales error
shipping point determination error
Create the report for Migo V/s Gate Entry no
checking zpayinfo,zpayinfoc,zpayinfor Report & Create User manual For marketing users
change in yarn recived in weaving plant against excise invoices
prepare dye material issue vs plan for plant 3100 month march and april against sale order
prepare prv. Finanical year sale and purchase variance
prepare data for mis team pop lin sale valuation loss
new discount condition
zprice testing
auditor(sales process,return process, credit process,billing documents)
Checking for Bhiwandi Jobwork Process. Create PO for Raw Material & jobwork to Stitching
Configure to Bhiwandi Jobwork Process
Changes in ZPRICE and its TMG
Restrict rights of users for ZDIS
change yfabric sort based on length of pc add new field ztable
prepare data for mis team plant 3100
change dyelot sale order to sale order
ZGPLAN Trainging to ppc team
add new shade in club order
4100 plant (job work testing)
new discount condition validtion for particular usser id
Without Purchase Order Gate entry Checking
Store Bin Upload
Changes in payment due notification mail
problen in bale delivery
job work for 4100 plant
Without PO gate entry and report
change zbarcode remove group field in smartforms
change in zfoldpc confirmation
find sale order change history
person responsible in plant 4100 create for job work
New Business ,check jobwork process in mumbai
gl maintained for export trading
changes in zgate
changes in zgplan
Changes in ZLOOMCARD
Change in znprocess , add new Stage and add dyelot no display in hotspot
take grn aginst improper invoice prepare by sale team of yarn
Clear Cogi for plant 3100
Dyelot no 3464 confirm for dying to finishing
payment term changed
marketing order type settings(zmso in home textile division)
batch splitting during delivery creation
Gate entry for older invoices
add dyelot wise remark, defect reason (Proc, spin,wevg.) in roll Packing
Working on Extra Grey issue against shortfall without create new sale order with release strategy
Change In zmatage for consigment stock , subcontrack stock ageing
check and change in zgplan for grey issue
change in zsostatus report for Finish Delivery
Transfer Stock Form IT01 Location to 2000 warehouse in grey material
checking abnormal data show in zsostatus process deliver qty greater than greige issue as consider 5% t
checking to ppc team for ZTOPACK , TO BE PLAN , Already plan Sale order wise
mtr Diff during packing ,delivery in bale system
Change roll group and remark
Training to Old processing team , Stock prapre new material code, old material wise
invoice details
Without reference entry at gate
Gate entry with material details and reports related to it.
Loom card print out in card paper
scrap invoice
provide sales text details
error in stock transfer
Report For Gate Entry Of Material
MIGO validations and control on GR based on the material entered at gate
Changes in budget tables and enhancement for BI purposes(ZRING)
yarn delivery issue
vat % not coming
quantity not confirmed in sales order
Report For Gate Return Of Material Without Refernce
ship to party error while creating order
fob job work process testing
Report For Yarn Pricing
Program for remarks for each major stage and changes in ZFOLDINSP .
change in zgplan (Day wise planning for Grey issue)
billing documents released for accounting
separate gl for fabric purchase order(for job work)
Report For Gate Entry Vs Grn
Changes in ZPRICE
delivery error in grey sales
auditors singhi
report tested for yarn price
Changes in greyissue
Close The Open PR and Pending PO
Provide the Multiple data for KPMG Auditors.
Vendor SSI data entry screen and report
Changes in ZGATE_PASS
Changes in ZREWORK
Changes in ZSD_AGCOM
return process for trading export
Changes in mail sent while invoice generation
Changes in customer copy slip print for YARN
invoice mail testing
training given for combo business
delivery creation from bale
Changes in RGP NRGP process
ZPOGATE changes
Changes in ZFAC
inquiry reference removed
sales order closed for suiting & shirting business
Invoices for combo sample and home textile
Changes in PO wise gate entry report
Changes in ZPOGATEC
Create new Tranaction for Folding retrun in plant 3100 and 3000
Folding Return print out Document For Dyelot Wise
vat % change for mumbai depot
Create Report for RFT %
create new Transaction create new request of Short fall grey issue and add shortfall qty in grey issue p
Change in ZPSPIN report for Spining Dept
excise invoice creation error
accounting entry error
change in report , Add new Field in ZOPENSO
ZGPLAN change for Shortfall request
Chagne in Znprocess
Change in ZTOPACK report
change in fabric doms. Smartforms
purchase order order unit change
Tcode :
ZISSUE authoriztion given to All spining user id
add authoriztion object A__B_Bwart in user id pmelec
Modify Delay time of machine :
ring0015 to ring0105 and plant 1000 shift B
modift Gate entry qty
Retrun sale process releasing strategy modify and put a valiation of credit note stop after TQM Team wil
gaveauthoriztioN to SDGARMENT :
VL01N , VF01
change in zwarehouse
change in ZD02 For not allow back date delay time modify
change in ZTRSLIP , Due date correcion of fabric division (due date - 3 )
change in zreslip ,ZADDON ,ZCLSIP
Training to folding team for folding retrun
Changes in ZPOGATE
Change in ZQDYELOT for MIC Recording and hanover slip generted auto
ZGATERR
ZPRICE CHANGES
ZTRSLIP change for Yarn business , Donot display Due date
Zreslip change tolerence upto 15% in all stage
help of preparing return purchase order created and material document posting
Dyelot 5242 ,5210 problem during Quality approval
Add Shade name in zopenso , zsostatus report
create Entry Screen For SSI(Small Scale Industry)
Training to MIS Team , accounting team to how to take stock of all plant , material type wise
Changes in MIGO enhancements
YDORDER
Create Entry Screen for Maintaining sold Handing unit (Depot Sale)
Auto Release flag during in Producation order Creation
Remove Entra Doffcut Which Created wrongly during Entry time
Change Inspection mtr of Doffcut
prepare Reco for Sale order 64026925
Fill ringframe target
create packing production order For outsource fabric
prepare stock copy for monthly phyiscal stock in 30.06.2016 sap vs phy
Changes in ZGATER
Changes in ZGP
Testing of multliple chapter id Material Sold out in single invoice of ss Devision
create Sale retrun order of 3 invoice
Material Adjustment for FOC spare part (Movement type 702)
Change in Pending Miro Report
Start Date Actual End Date Status
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/1/2016 4/1/2016 Completed
4/2/2016 4/4/2016 Completed
4/4/2016 4/4/2016
4/4/2016 4/4/2016
4/4/2016
4/4/2016 4/4/2016
4/4/2016 4/4/2016 Completed
4/4/2016 4/4/2016 Completed
4/4/2016 4/4/2016 Completed
4/4/2016 Ongoing
4/4/2016 4/4/2016 Completed
4/4/2016 4/4/2016 Complete
4/4/2016 4/4/2016 Complete
4/4/2016 4/4/2016 Complete
4/5/2016 4/5/2016 Completed
4/5/2016 4/5/2016 Completed
4/5/2016 Ongoing
4/5/2016 4/5/2016 Complete
4/5/2016 4/5/2016 Complete
4/7/2016 4/7/2016 Complete
4/7/2016 4/7/2016 Complete
4/7/2016 4/7/2016 Complete
4/7/2016 4/7/2016 Complete
4/8/2016 4/8/2016 Complete
4/8/2016 4/8/2016 Complete
4/8/2016 4/8/2016 Complete
4/8/2016 4/8/2016 Complete
4/8/2016 4/8/2016 Complete
4/9/2016 4/9/2016 Complete
4/9/2016 4/9/2016 Complete
4/9/2016 4/9/2016 Complete
4/10/2016 4/10/2016 Complete
4/11/2016 4/11/2016
4/11/2016 4/16/2016
4/11/2016 4/11/2016 training given to m.p ghaggar ji ab
4/11/2016 4/11/2016 automatic currency conversion in
4/11/2016 4/11/2016 resolve the auditors query
4/11/2016 4/11/2016 Complete
4/11/2016 4/11/2016 Complete
4/11/2016 4/11/2016 Complete
4/11/2016 4/11/2016 Complete
4/11/2016 4/11/2016 Complete
4/11/2016 4/11/2016 Completed
4/11/2016 4/11/2016 Completed
4/12/2016 IT testing
4/12/2016 4/14/2016
4/12/2016 4/14/2016
4/12/2016 4/12/2016
4/12/2016 4/13/2016
4/12/2016 4/12/2016 reference invoice no. is not printi
4/12/2016 4/12/2016 vat % is not coming due to materi
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Complete
4/12/2016 4/12/2016 Completed
4/12/2016 4/12/2016 Completed
4/13/2016 4/13/2016
4/13/2016 4/13/2016
4/13/2016 4/13/2016 amount difference during posting
4/13/2016 4/13/2016 Completed
4/13/2016 4/13/2016 testing/UT
4/13/2016 4/14/2016 testing/UT
4/14/2016 4/19/2016 Completed
4/14/2016 4/14/2016
4/14/2016 4/14/2016
4/14/2016 4/16/2016
4/14/2016 4/14/2016 return order error due to status pr
4/14/2016 4/14/2016 tested for all types of smart forms
4/14/2016 4/14/2016 Complete
4/14/2016 4/14/2016 testing/UT
4/14/2016 4/14/2016 testing/UT
4/14/2016 pending
4/15/2016 Under delovepment
4/15/2016 4/19/2016 Completed
4/15/2016 4/15/2016
4/15/2016 4/15/2016 Completed
4/15/2016 4/16/2016 testing/UT
4/16/2016 Under delovepment
4/16/2016 4/16/2016
4/16/2016 4/16/2016
4/16/2016 4/16/2016 for job work process new gl create
4/16/2016 4/16/2016 Complete
4/16/2016 4/16/2016 Complete
4/16/2016 4/16/2016 Complete
4/16/2016 4/16/2016 Completed
4/16/2016 pending
4/18/2016 4/18/2016 accounting entry not generated
4/18/2016 4/18/2016 for 2100 plant shipping point determination error for yarn
4/18/2016 4/19/2016 Auditor Purpose & store person can check this report
4/18/2016
4/18/2016 4/18/2016 Completed
4/18/2016 4/18/2016 Completed
4/18/2016 4/18/2016 Completed
4/18/2016 4/18/2016 Completed
4/19/2016 4/19/2016 new discount condition for b grade mat.added in 3100 pla
4/19/2016 4/20/2016 like yarn price should be maintained in zprice t code in ss
4/19/2016 4/19/2016
4/19/2016 4/22/2016 Plant 4100
4/19/2016 4/23/2016 OBYC setting Configure valuation class against GL assign
4/19/2016 4/21/2016 Completed
4/19/2016 4/19/2016 Completed
4/19/2016 4/19/2016 Completed
4/19/2016 4/19/2016 Completed
4/19/2016 4/19/2016 Completed
4/19/2016 4/19/2016 Completed
4/19/2016 4/19/2016 Completed
4/20/2016 eerror in production order creation
4/20/2016 4/20/2016 new discount condition for b grade mat. For particular us
4/20/2016 If Without PO No Goods Comes in Factory Gate,Gate Inch
4/20/2016 4/20/2016
4/20/2016 4/20/2016 Completed
4/20/2016 4/20/2016 Completed
4/21/2016 4/21/2016 for bhiwandi plant job work testing
4/21/2016 4/22/2016 UT/Training
4/21/2016 4/21/2016 Completed
4/21/2016 4/21/2016 Completed
4/21/2016 4/21/2016 Completed
4/21/2016 4/21/2016 Completed
4/22/2016 4/28/2016 completed
4/22/2016 4/22/2016 for export trading no accounting entry generated
4/22/2016 4/22/2016 Completed
4/22/2016 4/23/2016 Completed
4/22/2016 Pending
4/22/2016 4/22/2016 Completed
4/22/2016 4/22/2016 Completed
4/22/2016 4/22/2016 Completed
4/22/2016 4/22/2016 Completed
4/23/2016 4/23/2016 payment term c016 changed from 7 days to 10 days 1.5%
4/23/2016 4/23/2016 marketing order configuration in home textile division
4/23/2016 4/23/2016 batch splitt due to sales order cost not released
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 undeer Delovepment
4/23/2016 4/23/2016 undeer Delovepment
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/23/2016 4/23/2016 Completed
4/25/2016 4/25/2016 provide invoice details which are
4/25/2016 4/25/2016 Completed
4/25/2016 4/26/2016 Testing/UT
4/25/2016 4/27/2016 Dropped
4/26/2016 4/26/2016 scrab invoice training to tapasvi ji
4/26/2016 4/26/2016 provide sales text detail for mainta
4/26/2016 4/26/2016 b grade transfer issue
4/26/2016 4/26/2016 Completed
4/26/2016 4/29/2016 Testing/UT
4/26/2016 4/26/2016 Completed
4/27/2016 4/27/2016 open delivery pending
4/27/2016 4/27/2016 material group not maintained in
4/27/2016 4/27/2016 line items are not open in delivery
4/27/2016 4/27/2016 Completed
4/28/2016 4/28/2016 error is due to because of material
4/28/2016 4/28/2016 complete cycles tested(except acco
4/28/2016 4/28/2016 Completed
4/28/2016 4/29/2016 Completed
4/29/2016 4/29/2016 completed
4/29/2016 4/29/2016 invoice pending for accounting ent
4/29/2016 4/29/2016 tested and moved to prd
4/29/2016 Ongoing
4/29/2016 4/29/2016 Completed
4/30/2016 4/30/2016 because of stock exits againt anot
4/30/2016 4/30/2016 fabric sales,yarn sales, suiting&shi
4/30/2016 4/30/2016 price validation report tested in ya
4/30/2016 4/30/2016 Completed
5/4/2016 8/4/2016
5/4/2016 8/4/2016
6/9/2016 In process
6/10/2016 6/14/2016 Completed
6/10/2016 6/15/2016 Completed
6/11/2016 In process
6/11/2016 6/13/2016 configuration done for return proc
6/11/2016 6/13/2016 Completed
6/11/2016 6/13/2016 Completed
6/13/2016 6/13/2016 after invoice mail sent to customer
6/13/2016 6/13/2016 training given to Mr.naveen and u
6/13/2016 6/13/2016
6/13/2016 6/14/2016 Completed
6/13/2016 6/14/2016 Completed
6/14/2016 7/5/2016 UAT
6/14/2016 6/14/2016 inquiry reference removed for expor
6/14/2016 6/15/2016 open sales order closed
6/14/2016 Completed
6/14/2016 6/15/2016 Completed
6/14/2016 6/15/2016 Completed
6/14/2016 6/16/2016 Completed
6/14/2016 6/16/2016 Completed
6/15/2016 6/15/2016 vat% change from 5% to 5.5% for
6/16/2016 6/16/2016 Completed
6/17/2016 6/18/2016 Completed
6/17/2016 6/17/2016 Completed
6/18/2016 6/18/2016
6/18/2016 6/18/2016 scrab dvision error because of ta
6/18/2016 6/18/2016 Completed
6/20/2016 6/20/2016 Completed
6/20/2016 6/20/2016 Completed
6/20/2016 6/20/2016 Completed
6/21/2016 6/21/2016 Completed
6/21/2016 6/21/2016 Completed
6/21/2016 6/21/2016 Completed
6/21/2016 6/21/2016 Completed
6/21/2016 6/21/2016 Completed
6/21/2016 6/21/2016 Completed
6/22/2016 6/23/2016 Completed
6/22/2016 6/22/2016 Completed
6/23/2016 6/23/2016 Completed
6/24/2016 6/24/2016 Completed
6/24/2016 6/24/2016 user Testing
6/24/2016 6/24/2016 Completed
6/25/2016 6/25/2016 Completed
6/27/2016 6/27/2016 Completed
6/27/2016 6/27/2016 Completed
6/28/2016 6/28/2016 Completed
6/28/2016 6/28/2016 Testing
6/28/2016 6/28/2016 Completed
6/28/2016 6/28/2016 Completed
6/28/2016 6/28/2016 Completed
6/29/2016 6/29/2016 Completed
6/30/2016 6/30/2016 Completed
6/30/2016 6/30/2016 Completed
6/30/2016 6/30/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/2/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/1/2016 7/1/2016 Completed
7/2/2016 7/2/2016 Completed
7/2/2016 7/2/2016 Completed
7/2/2016 7/2/2016 Completed
7/2/2016 7/2/2016 Completed
7/2/2016 7/2/2016 Completed
7/4/2016 7/4/2016
Remarks
Total purchase req. value (amount) Show in the Report.
All Department wise budget controlling
No need to manual punch download ,automatic punch download to bio matrix Machine.
Changes made for correction in interest calculation and due date information
Additional information was added to the Gatepass like gros wt, net wt, etc.
Added References in the PO print. Made a few adjustments in design
Changes to show total value of each item in the requisition

Add the Vendor Ref. and Our PO ref. link to po Print
Stop the Auto mail to vendor At the time of PO creation.
Add total the Net Weight or Gross Weight.

Changes in smartforms used as pre print designs for cheques of different banks
Changes in budget calculation logic so as to calcualtion of the used budget is not restricted to type of material
BDC for IP02 to make the maintainence plans inactive
Final changes for the calculations to be done based on the data retrieved.
Incorrect sales text in sample invoice. Rectified.
Create ,Maintain in ztable , display in bale warehouse Report (ZBSTC )
Add Remark ,group ,phy Roll in smart forms (ZDISP)
Remove Net wt Field and New Gross Wt for Entry propose so change in Printout of Size beam stricker
Automail to vendor on PO generation was stopped on user request.
New smartform for loom card
Driver Program for loom card
Material Desc not Printing , Add material Desc of Sale text
Qty Field Disable in Mer, Dying section (Stop Dyelot Breakup), Also Change of Rework Activity
Add prodcution order field in zmatage report
Add Sale order , customer Name
Roll wise Checker name , Machine on Insepection , Roll no Generated for which Dyelot
Add purchase order in Selection of mb51
before there only 20 field ,we add more 20 field of entry
add selection field for sale order and batch ,packing date
Weave of sort add in job card in smartform
sale order wise grade wise packing
dynamic add new mixing line of spining section
Add sale order in Smartforms
Add pagplan in design master
report for Dyelot received , total insepection mtr , Grade wise Mtr , total Warehouse transfer , difffernece for Folding and finish
completed
completed
completed
Add Total Inspected Roll or pc mtr , and also Grade wise percentage
Changes in yfoldpc ,yfolding , zfoldG and also update in zqm_mic table remark and material doc after confirmation and add in
Minor Changes
Every Tare Vehicle Entry is Compulsory
completed
completed
Printout document ,put on loom machine for opertor based information of runing sort
Daily user check mb51 and mis team and prd team having difference on it , so I add row in znprocess which having sort wise fi
old system bale system calucated two time total meter
Changes in budget table and program to remove material group as key for budget. Also added year for better history tracking
Changes in Gatepass for POPLIN for single GP for multiple invoice to reduce papers printed.
Year & Month Wise budget report
resolved
Changes in Gatepass for single GP for multiple invoice to reduce papers printed.
Changes in ZPAYINFO for setting status
Changes in ZPAYINFOR to incorporate all the changes in ZPAYINFO and ZPAYINFOC
training of user and move request to prd
Add Vehicle In Date & Time
Add Vehicle No wise Gate Entry
Payment option can be Change By Folio Manger
resolved
completed
ZPAYINFOC- to changes the status set from ZPAYINFO

Changes in YRECON to incoporate information fed in ZPAYINFO.
Dropped in mid way till more clarity and approvals for the system are acquired.
training of user and move request to prd

Add New Tax Conditions
ZGP-changes so that only IN trucks can have GP created.
Report that shows status of Return SO for which invoice is not gnenerated after 30 days
As ppc and marketing decided , planning can be created based on min max level of stock in ims
Solve
Solve
completed
for BI_BO sale budget uplaoding
Return GP to be only generated after creation of return SO.

report to check migo and gate entry data at one place for checking purposes.
g point determination error for yarn waste sale(maintained in prd)

re person can check this report
po no will check based on sale order not on invoice

sale team and mohit want preparing data for sale price and company cost variance
hpatel ,Pinkesh Lakhotia want data for Yarn which sale but not recived
mis team want grade wise sale , retrun , cancel , crdit ,debit
n for b grade mat.added in 3100 plant(maintained in prd)
be maintained in zprice t code in ss division .tested in quality server
e valuation class against GL assign

Changes in Zprice to add from and to date. Also changes in its TMG and validations and control in TMG events
restrict rights of using ZDIS condition record to specific users
add new length 2 t0 9
mis team want grade wise sale , retrun , cancel , crdit ,debit
Ppc team want change cancel sale order , that dyelot transfer other sale order
due to ppc team member on leave , we have to traning ss division team to transfer for pop lin plant
he miss one shade during create of club order
rder creation
n for b grade mat. For particular used id authorisation tested
ds Comes in Factory Gate,Gate Incharge inform to Authorized Person for approval to Gate entry Generate
Changes for more refinement in controls that were already there.

sale team change delivery date of bale after started packing
work testing
Entry for the material without PO after proper approval. User training is remaining
some mistake in pc wise confirmation
done
accounting entry generated

manohar ji prepare invoice without proper purchase order no fill
MDM team put delete Flag in materal master
MDM team miss assingnment dye material during master creation
hanged from 7 days to 10 days 1.5% cash discount
guration in home textile division
es order cost not released
New entry designed for returns of older invoices i.e. invoices that were created before Gatepass system was implemented
because downgrade change cont. and recalucate everytime check grey req. qty and pending grey issue .
add reserval movement type in sale order status report
Old RFD Stock transfer to grey material for prparing new dyelot
ppc team check data of finish delivery withoout cansidering reserval movement (322)
due to batch transfer for stsl to sst , classifcation of batch not copy
completed
Gate entry with material details metioned in LR so that MIGO can be controlled based on it. Also all the reports required for th
Dropped when reached for testing because of excess overheads caused hardware requirement
completed
completed
resolved
Validation in MIGO for plants specific to PALI gate entry comparing the quantity with the IN entry at gate for better control on p
Changes in sales and production budget and enhacements in structure updates for the data source in BI
resolved
resolved
resolved
resolved
pending
Changes in zfoldinsp to show show the remarks made for the dyelot
resolved
completed
Changes are ongoing with the requirements of the users.
Minor changes to expand data accomodation and changes in TMG for the same
resolved
provided
completed
Changes in greyissue for mercerized planning .
Details are Provide to the Purchase Department.
Details are Provide to the Purchase Department.
provisions to main MSME data for vendors and report (part assigned to Anil)
Changes in validations for gatepass generation. Also changed reports to incorporated new type RGPR.
ZREWORK changed for manual workcenter and machine changes for rework entry registration.
Changes in ZSD_AGCOM. It lacks support for Yarn division
completed
Changes in mail sent for yarn invoices to show amount with and without CD.
Design changes for yarn customer slip.
completed
completed
resolved
Psuedo NRGP was generated for RGP return. New type RGPR added to avoid confusions and protect data integrity
Programatical error caused Gatepass number sequencing issues. Solved.
Changes in ZFAC to fit requirements of marketing and finance for clearer view of customer outstanding and payment history
completed
completed
Created new invoice for combo, combo sample and made changes for home textile invoice.
transaction for roll wise folding return
completed
exception report For percentage fo fresh delivery given by Finishing team with approval of TQM
resolved
resolved
Mis cost of fg good, Add price condition EK02 in report for Comprssion for Sale vs Mis cost
due to change in bom , system showing minus qty in pending plan field
Add new row for Folding Return
For marketing order system not remove bale for to pack report
bookto related change
Error in material creation
report for day to day to raw material issue in kg and bale
during service sheet create
wrong entry,
As sinstruction give by purchaser , gate qty recived in two purchase order
some change in zdevolpement
performance issue
provide authoriztion of plant team to modify delay time
hardcore 3 day minus on payterm term c016
in Reslip ,open qty to issue as per bom and add dyes cost in zdyeslip
Changes in PO wise gate inward entry for quantity check changes and tolerance logic amendments
Returns gate entry report

Changes in ZPRICE
Changes in MIGO enhacements for SRPO and RTPO PO types

Minor changes to remove unrelated documents
Changes in ZGATER for new order type.

Changes in ZGP to exempt HT and CM divisions from excise invoice check
Change The Condition Type in ZPMIRO Report.

nd finishing section ,rework transfer mtr
d add in zfolding inspection report
t wise finish delivery

d for this like in report and IN vs GRN report.
trol on purchased good entry

s.no Department No. of systems HCL Zenith Lenovo Laptops laser printers
1 Accounts 18 3 5 3 7 4
2 Raw Matrial 7 0 3 3 1 1
3 Purchase 7 1 0 4 2 2
4 costing 3 1 0 0 2 1
5 fabric 6 0 0 4 2 1
6 yarn 6 1 1 3 1 1
7 ppc 6 0 0 3 3 1
8 labour office 11 1 2 4 4 4
9 civil 3 0 2 1 1
10 time office 7 0 2 5 0 1
11 store 5 1 3 1 0 1
12 chemical lab 1 0 1 0 0 0
13 sqc 2 0 1 1 0 1
14 spin 5 1 0 4 0 1
15 spinmnt 2 1 1 1
16 syntatic 3 0 1 2 0 0
17 winding 2 0 1 1 0 1
18 packing 1 0 0 1 0 0
19 weaving 2 1 0 1 0 1
20 old process 5 1 1 3 0 1
21 folding 5 0 0 5 0 1
22 electrical 4 0 1 2 1 1
23 mech 3 0 0 3 0 0
24 finish folding 2 0 0 2 0 1
25 new plant office 13 0 0 11 2 3
26 grey folding 4 0 4 1
27 pbex 1 1 1
28 new sqc 14 0 6 6 2 3
29 it office 8 0 0 2 6 0
30 edp server office 6 1 0 5 0 0
31 hardware office 2 0 1 1 0 1
32 msum shop 1 0 0 0 1 1
33 open end 1 0 1 0 0 0
34 ceo 0 0 0 0 0 0
35 marketting 9 0 0 0 9 0
36 ware house 3 2 1 2
37 msum gate 3 0 3
38 ahmd office 9 0 0 1 8 0
39 72loom 1 1 0
40 Kolkata 2 0 0 0 2 0
41 bibo trening 2 2
42 Mumbai 5 5
43 extra system 6 0 0 0 6 2
Total 206 13 32 95 66 41
LAPTOP USER NAME
kbd,hpatel,ruchir,hemant,kunal,pinkesh,pooja
JKJ
anil, prem,
sanjoy,sanjit nath
sanjay pandey,lalit achary
bkd,
sudhir,iqbal hussain,naval
avinash P SINGH,Ajay Singh,munna singh,manish
ATANU KUMAR ROY
rakesh gupta
amit ghosal, ravi rana shailendra
sandeep,Saikat
amit sharma,anil singh, amandeep singh,kartik sharma,manjeet,abhishek singh
Zenith laptop naveen kumar,
swapan nath
ashish,rajneesh,vipind,rahul pangorya,dev paul,nitin goel,arvind singh,virendra,naveen kumar,
ss rathore
mohanan,mohit,M s negi, Dinesh Manuja,vivek pandey,tafiq,extra

PRINTER USER NAME
ruchir,account,kbd,cheqe
vpin, scanner
manit.sohan lal
costing hp wireless
subash
manohar
sudhir
sulabhsir, Avinash ji,ajay singh labour office
susanta,
tulsi ram
pramod
pundir,
Ashwani mohta
prakash tilwani
chaudhari ji
bar code printer
np pachuri
manish joshi
naveen bar code printer
rakesh gupta
sunil singh bar code printer

finishing,AMIT GHOSAL,navratan
ram ashish pandey bar code printer
sandeep, sampling,mayur ji
et,abhishek singh
narendra
naveen
ind singh,virendra,naveen kumar,

sunil singh yarn godown
extra laptop sony vaio gold

Service Party
SAP (AMC) Vcentric Technology,Hyderabad
Internet
Place Connectivity Type Speed
Pali Lease Line 8 MB
Airtel Lease Line 8 MB
Ahmedabad Lease Line 2 MB
Airtel line 4 MB
Mumbai BSNL Broad Band (1 Connection) 4 MB
Mobile connection
Pali Airtel 280

Ahmedabad VodaPhone 15
Mobile data Connecton

3G Connecti Only HOD 22
Data Card Marketing & Ahm Office 16
Other Server
Physical Server type RAM Processor Disk Space
IBM server Oracle 8 gb 2 C:

100 gb D:
200 gb E:
200 gb
Desktop IBM Think centrAntivirus 8 GB 1 C:

100 gb D:
200 gb
Desktop IBM Think centrProxy & ma4 GB 1 C:

100 gb D:
200 gb
Remark
for Oracle data & application and HR module
for Symantec antivirus
for Mail & Internet Proxy server

Part No.
System x
7915D2A
69Y5327
49Y1397
49Y1563
90Y8877
42D0494
94Y6669
46M0902
69Y1194
39Y7927
System x
7160D2A
49Y1397
49Y1406
90Y8877
46M0907
42D0494
00D4413
46M0902
39Y7927
2072S2C
00Y2503
00Y2491
00Y2523
39Y7927
39M5697
3580S5E
96P1565
46C2084
23R7008
23R6985
95P4711
Description
High End server
x3650 M4, Xeon 6C E5-2630 95W 2.3GHz/1333MHz/15MB, 1x8GB, O/Bay HS 2.5in SAS/SATA, SR M5110e, 750W p/s, Rack
Intel Xeon 6C Processor Model E5-2630 95W 2.3GHz/1333MHz/15MB W/Fan
8GB (1x8GB, 2Rx4, 1.35V) PC3L-10600 CL9 ECC DDR3 1333MHz LP RDIMM
IBM 300GB 2.5in SFF 10K 6Gbps HS SAS HDD
Emulex 8Gb FC Dual-port HBA for IBM System x
IBM System x 750W High Efficiency Platinum AC Power Supply
IBM UltraSlim Enhanced SATA Multi-Burner
x3650 M4 ODD Cable
Line cord - 2.8M 10A/250V C13(2P+Gnd) (India)
Mid range server
x3530 M4, Xeon 6C E5-2430 95W 2.2GHz/1333MHz/15MB, 1x 4GB, 0/Bay HS 2.5in SAS/SATA, SR M1115, 460W p/s, Rack
IBM 300GB 2.5in SFF 10K 6Gbps HS SAS HDD
IBM 6Gb SAS HBA
Emulex 8Gb FC Dual-port HBA for IBM System x
460W Power Supply(Redundant)
IBM UltraSlim Enhanced SATA Multi-Burner
IBM Storage
IBM Storwize V3700 SFF Dual Control Enclosure
600GB 2.5In 10K rpm 6Gb SAS HDD
8Gb FC 4 Port Host Interface Card
8Gb FC SW SFP Transceivers (Pair)
5m Fiber Optic Cable LC-LC
IBM TS2250 Tape Drive (LTO5)
System Storage TS2250 Tape Drive Express Model H5S
19-inch Rack Mount Kit
Ultrium 5 Data Cartridge (5-pack)
Ultrium Cleaning Cartridge
2.8m Power Cord 250V India
2M SAS/Mini-SAS 1x Cable
Quantity Qty
1
1
1
5
2
2
1
1
1
1
2
1
2
1
2
1 1
1
1
1
2
1
12
2
1
2
2
6
1
1
1
1
1
1
2
Licenses
SAP Type Nos.

Developer 1
Professional 46
limited professional 12
shop floor 46
maintenance 8
employee 6
Business object 10
Sybase Enterprise developer 1
Mobile Platform 10
total 140
OS
Windows Server 2008 11
Wndows 7 3
Desktop Windows 8
Paper Lic 90
OEM 110
Calc 100
Office Paper Lic 90
OEM 30
Postmaster Email software 250

Symantec Enterprises anti virus 100
Oracle 10g (user lic) 5
VMWare Enterpries server 1

VmWare sphare 4
Licenses
SAP Type Nos.

Developer 1
Professional 46
limited professional 12
shop floor 46
maintenance 8
employee 6
Business object 10
Sybase Enterprise developer 1
Mobile Platform 10
total 140
OS
Wndows 7 3
Desktop Windows 8
Paper Lic 90
OEM 110
Calc 100
Office Paper Lic 90
OEM 30
Postmaster Email software 250

Symantec Enterprises anti virus 100
Oracle 10g (user lic) 5
VMWare Enterpries server 1

VmWare sphare 4
lease line flow
Airtel lease line
Reliance lease line Switch
Firewall Network Switch
Proxy Server Sap serve
Fin.dept Switch Purchse Dept Spin dept Weav Dept

Switch Switch Switch
VC room
Sap server
Procress dept
Switch
Ahmedabad network flow
blazenet lease line flow
blazenet lease line Switch
Firewall Sap dr server
Airtel braodband
Router 1 Router 2 Router 3

VC room
Router 3
SAP Landscape for Disaster Recovery Server
VMWar
e VM Ware ESX
VM Ware ESX Server IBM Server
ECC DEV vMotion Server Solution
ECC QAS Manager
ECC PRD
Mobile DEV
Mobile PRD
Relay
BOBI DEV
BOBI PRD
2 x Hexa Core Proc. 1 x Hexa Core Proc.
2 x Hexa Core Proc.
2 x 300 GB HDD 2 x 300 GB HDD
2 x 300 GB HDD
96 GB RAM 24 GB RAM
96 GB RAM
IBM DS 3512 SAN Storage IBM Tape Device

12 x 600GB 15k SAS HDD LTO 5
erver
Backup
Server of ECC
PRD in Remote
Place
(Ahmedabad)
1 x Hexa Core
Core Proc. Proc.
GB HDD 2 x 300 GB HDD
RAM
32 GB RAM
evice
Local
LAN
SAS Path
vMotion

IT Checklist

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

IT Checklist

Enviado por

Direitos autorais:

Formatos disponíveis

Area

onnel as documented in tape movement procedure (part of Backup Process)

eam through alerts about backup failures.

es, including how they are used,

e data is done regularly

S No. Area Control Checks

GI01 General IT Are security policies defined and circulated?

GI04 General IT Is IT operations and management committee present to

GI08 General IT Is Technology / Business Architecture Road Map (short

HR06 Human Resources Compliance with employee performance appraisal policies

HR07 Human Resources Formal or on-the-job training is provided to all personnel

PS01 Physical Security Biometrics Physical Access Controls were found to be in

NS03 Network Security Router/Switches configuration having enable secret

NS07 Network Security IT security administration along with respective teams

NS08 Network Security System infrastructure, including firewalls, routers,

NS09 Network Security Accordingly, network and communication software affects

PM01 Patch Management Is Patch management policy in place

DS01 Desktop Security Desktop security policy is in place.

DS03 Desktop Security The administrator ID (Desktops) is restricted to the IT

DS04 Desktop Security Multiple levels of virus protection are implemented on

DS15 Desktop Security Maintaining an inventory of software, proof of ownership

CM02 Change Management Is there is formal and documented change (program

CM04 Change Management There is adequate segregation of duties between

CM05 Change Management Changes are made in a controlled and restricted

IM03 Incident Management Significant IT events or failures ,Security breaches, major

IM04 Incident Management Incident management policy in place. Is there process

LM02 Logging and Are notification incidents reported through log

IS02 Internet Security Typically, changes to existing application systems should

IS04 Internet Security Are content filtering applied on proxy servers ?

BP04 BCP/DR Understand and document the policies and procedures

BP05 BCP/DR The Organization has an independent internal audit

SM01 SLA Management It is recommended that service level agreement should be

RG03 Risk and Governance Is Risk asseement performed to identify an appropriate

Details with minutes

No such document avaiable

No, sisha khula hai

No, sisha khula hai

No Security guard is required as Data Centre is after the office of IT

No Serial number were noted at Gate\

yes, in data centre register

not such policy defined. Though company has Information

It is in place in IT Policy. Refer page no. 51 onwards

It is in place in IT Policy. Refer page no. 51 onwards

It is in place in IT Policy. Refer page no. 51 onwards

It is in place in IT Policy. Refer page no. 51 onwards

Gateway Firewall : Fortinet and user level Firewall : symentec and

use 255.255.255.0 subnetmask for sap servers

on desktop, patch directly upload on desktop. Firewall patch upload

Yes in IT Policy ( IT Network person check regularly)

all License software use in company

yes, define when we maintain mail on mobile, google data encrytion

Desktop / Laptop Back up - overwritting files - big issue

Yes Backup Register

yes - in IT policy tested on 14 feb.

We maintain realtime backup on DR server, for offline, we maintain

no through mail and physical doc.

Change discuss with request user, and aproval of related department

Change request register

yes change request register

for future we maintained

yes, without accurate data not transfer in other system,

yes defines as procedure

per user report available

installed in company, but not in datacentre