IT Audit Services

IT Audit is the process of collecting and evaluating evidence to determine whether a computer System has been designed to maintain data integrity, safeguard assets, allows organizational goals to be achieved effectively, and uses resources efficiently. Data integrity relates to the accuracy and completeness of information as well as to its validity in accordance with the norms. An effective information system leads the organization to achieve its objectives and an efficient information system uses minimum resources in achieving the required objectives. IT Auditor must know the characteristics of users of the information system and the decision making environment in the auditee organization while evaluating the effectiveness of any system.

ITIS’s Information Technology (IT) Audit professionals help organizations gain insight into the threats inherent in today’s highly complex technologies. Our approach in IT audit appropriately assesses technology risks and the control environment as they relate to critical business processes. ITIS's deep expertise in IT audit can help ensure the integrity, reliability and performance of these processes. Through our methodologies, our clients realize more effective and efficient technology controls that better align the internal audit function with their business and IT strategies.

  • General Business Review
  • IT /IS/IM Strategy Review
  • IT Security Policy Review
  • Review of IT Risk in Business
  • IT Risk Probability Impact Analysis
  • DR and BCP Review
  • IT Operation Controls Review
  • Change Management Program review
  • IT Security policies Review and GAP analysis based on ISO27001

Penetration Test Service

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit.

Web Application Code Audit Service

ITIS adopts a static source code analysis platform that leverages third generation software verification technologies to identify web application vulnerabilities throughout development. Our web-based solution provides automated compiler-independent code analysis that models tainted dataflow within the application. Reports pinpoint vulnerable code locations and offer prioritized remediation guidance, while integration facilitates immediate hot-fix remediation. Our service offers proactive and cost-effective remediation for vulnerable code, representing a low-cost, risk-free alternative to the common build-first secure-later paradigm.

DRP & Implementation Services

A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs. Disaster recovery services can help companies recover from virtually any type of disaster and ensure ongoing availability of mission-critical resources.

IT Security Policy Development

Information Security Policies are the cornerstone of information security effectiveness. The Security Policy is intended to define what is expected from an organization with respect to security of Information Systems. The overall objective is to control or guide human behavior in an attempt to reduce the risk to information assets by accidental or deliberate actions. Information security policies underpin the security and wellbeing of information resources. They are the foundation, the bottom line, of information security within an organization.

This policy should covers all information and information resources, including computers and communication devices owned or operated by organizations as well as information stored on a remote system operated by an outside entity. This policy should also cover any computer or communications device that is present on organizations premises and/or use organization communication infrastructure, but which may not be owned or operated by organizations. Information includes data stored on magnetic or other electronic media, data stored in computer memory, data displayed on a monitor, projector system or other output, data being transmitted over communication lines or verbal, written or printed documents

Oil and Gas Quality System Consultancy and Training

Advisory Services

  • Assistance with certification and Regulatory Compliance
  • Internal Audits by Experienced and Qualified Auditors
  • Supply Chain Monitoring through Second Party Audits/Assessment
  • QMS Gap Assessments
  • Development of QMS manual, procedures, and supporting documentation
  • Resolution of certification or audit nonconformities (API, ISO, or other) API accredited training.

Participants in our training programs will earn Continuing Education Units (CEUs) that can be applied towards certifications, licensures, or academic credit.

  • API Spec Q1
    4-days for Practitioner level, 2.5 days for Fundamental level.
  • API Spec Q2
    4-days for Practitioner level, 2.5 days for Fundamental level.
  • API Auditor Series
    3-days for Lead Auditing, 2-days for Fundamentals of Auditing.

Customer

  • 1Tasman Oil Tools Australia/Singapore/Malaysia/New Zealand/Dubai
  • 2Tango Oilfield Services Australia
  • 3Taranaki Thru Tubing Tools New Zealand/Thailand
  • 4Qemat Nejad Saudi Arabia-Slickline Service
  • 5GDMC Saudi Arabia-Slickline Service
  • 6ICO Asia PacificInspection Service - Singapore
  • 7Diversified Drilling Middle East ( BOP Rental)
  • 8MiddleEast BridgeThru Tubing and Big Hole Fishing Company - Middle East
  • 9Independent Oil Tool Dubai –Oil Tool Rental
  • 10Dosco Romania - Rental and Fishing Service
  • 11Napesco Saudi Arabia – Oil Tool Rental
  • 12Progrynd UAE- Whip Stock/Fishing Tools Rental
  • 13SOS Al Manzoori Oman-Inspection Service
  • 14GASOS Saudi Arabia - Inspection Service
  • 15AsiaPac Malaysia- Rental and Fishing Service