Audits
What are audits
Audits are what we call the process (and core responsibility of Support Ops) that involves reviewing who has what access to various platforms.
Why do we perform audits
There are a good number of reasons that could be made for doing audits, but the biggest ones for us are:
- Ensure no security issues are occurring in the agent/user space.
- Ensure we have accurate information for procurements and renewals.
- Ensure we follow best practices for reviewing who is using the various systems we manage.
How to perform an audit
Performing an audit starts with creating an issue within the Audits repo. There are templates for each of the systems we normally audit.
After creating the issue, you need to populate the details of the audit. To make this process easier, we have scripts available in the repo you can use to generate the data. If you decide to do this manually, you should review past audit issues to determine the exact formatting to use for the system you are performing an audit on.
Once you have generated the data and put it into the issue, you will then begin going through the data and looking for issues. This will vary from system to system, so see below for more specific information. Any issues you find should be communicated to the person in question and resolved.
On average, audits take 1-2 weeks to complete, namely due to the nature of async communication.
Zendesk
The best resources for learning this are the above video and the following links:
While the above video covers doing it for Zendesk Global, the process works the exact same for both. The sole difference is the script used.
Calendly
The best resources for learning this are the above video and the following links:
Pagerduty
The best resources for learning this are the above video and the following links:
Gitlab.com
The best resources for learning this are the above video and the following links:
1Password
The best resources for learning this are the above video and the following links:
b88e5bb
)