After our meeting, we'll write up our findings in a 5-6 page document for you to keep (check out a sample here). Our findings are categorized into four severity levels. These severity levels are defined as:
Critical — Critical findings are issues that C3 Solutions feels should be addressed immediately to prevent the high likelihood of an interruption of service or loss of data.
Important — Important findings are issues that are causing a problem are a potential problem and should be addressed as soon as possible; these issues are affecting performance.
Best Practices — Are defined by the vendor to maximize the feature set of the software. Informational—This category is for your information only.
We typically find four or five issues in each category. Sometimes the business was actually aware of most issues prior to the assessment, and sometimes we uncover issues that the internal IT staff was not aware of.
Here are just a couple examples of common findings of various severity levels:
- Critical – The Servers on the network are not up to date with the latest Microsoft
Security patches. These patches are critical because they typically resolve security vulnerabilities which were discovered by exploits. Microsoft WSUS should be implemented to ensure that all computers and servers are updated regularly.
- Critical – Currently all employees have administrator rights to the entire environment including the servers and server applications.
- Best Practices – Active Directory is not configured to best practices. There are no GPO policies in place for security and user restriction.
- Important – The server is pointing to external DNS in addition to pointing to the internal network. This server should not be pointing to the internet for DNS resolution.
- Best Practices – Remote access is best served via terminal services. Company is not
currently utilizing terminal server for remote access
- Critical – One of the two servers has the latest service pack from Microsoft installed. An update policy should be in place to ensure that all servers and server applications are updated on a scheduled basis.
- Important – There is currently only one Domain Controller on the network. Microsoft recommends multiple domain controllers for both load balancing and for redundancy.
- Best Practices – Servers are not located in a separate “Server” Organizational Unit, they are hosted with all other computers on the network. Servers should be separated so workstation policies to not apply to servers.
- Critical – The backup strategy that is in place is moving data over the internet. In addition to data backups, it is highly recommended to have disk backups that support bare metal restores. This enables us to recover from failed hardware much easier and quicker than typical data restores.
- Critical – There is currently no disaster recovery plan in place. Although this plan does not need to be highly complex, a plan is necessary to ensure business continuity.
These are only examples of findings intended to give you a better idea of the types of issues we typically uncover. If you feel that none of these examples apply to your business, keep in mind that they are only representative of the most common problems we see. Your environment will have different issues—or, in some rare cases, we have NO findings except that the network is already configured according to industry best practices! In the one or two perfectly-configured businesses we’ve assessed, we simply present this finding and the business thanks us for providing an outside opinion and peace of mind.
- Important – Documentation, process and procedure should be established for all critical systems, disaster recovery, etc.
- Best Practices – Currently there is no process for deploying workstations within Flatrock Compression. Through the use of Microsoft RIS or a third party application such as Symantec Ghost, computers can be deployed from a previously created image, greatly improving efficiency when deploying new workstation or resolving issues.
To schedule your assessment, call us today (713.533.8066) or fill out the form on this page and we'll get back with you as soon as we can to schedule your consultation.