Professional Documents
Culture Documents
NCRA Report For Sierra Leone Main
NCRA Report For Sierra Leone Main
Documents details: Audit report on Age, security, vulnerability, and risk issues
Author: Damilare Merotiwon. & Edemah John
Date: 14 July 2022.
EXECUTIVE SUMMARY:
1 .1 INTRODUCTION
As part of the 2022/23 Internal Audit of the 'Data centre operations and security were carried out.
The objective of this review is to evaluate the condition of the data centre and identify the needs to be corrected.
Data centre policies and procedures are defined, documented, and communicated for all key functions,
Systems are secured to prevent unauthorised access (including 3rd party access).
Access to the data centre is monitored and reviewed, and access rights are periodically reviewed.
Data centre has a duplicate site as site 2 for redundancy and disaster recovery.
Servers, storage, switches, and laptops are patched, monitored, and upgraded to close vulnerabilities as identified by the OEM.
Data transferred off site is secured at all times and appropriate controls are in place to monitor the location of the data.
Environmental controls are present to protect the servers from fire, electrical and water damage. Floor is designed/raised to
manage cabling within the data centre.
The current data centre design is inadequate and dangerous to equipment and storage functionality. Wrong cooling positioning,
inadequate cooling intensity, security doors and windows removal.
Environmental equipment is routinely maintained in line with manufacturer recommended schedules; and
Backup electricity supplies are in place to ensure systems and services are not affected in the event of a power outage.
Summary:
The NCRA data centre and systems in view have been defined and confirmed to be a single point of failure with no sustenance structure for
both solution and physical infrastructure. This is excluding the dangers of a data loss and theft, the current infrastructure was confirmed
implemented after it has reached EOL and EOSL (end-of-life and end-of-support-life) however, it is imperative to note that the entire
country depends on the data housed and generated in this system, as such a threat to it is a direct threat to the country Sierra Leone.
The current running infrastructure was purchase out of range, this means that it is not recognised under any possible contract or name of
NCRA hence support in any form is impossible for the OEM, this is a RED flag and complete breech of standards in conformity with the
information and data protection laws in technology and the world.