IT Aduit & Assessment - Case 3

A hospital providing holistic healthcare to patients in Hong Kong
 
Size200 staffs

Service
IT Audit and Assessment with Follow-up Services

Challenge
With a number of 100+ hospitals and clinics in diverse locations, the company has been struggling for many years to centrally manage the information security and to standardize the operation procedures. Due to the lack of resource, hardly can the company spot out the potential vulnerability without regular review mechanism. Therefore, Ringus engaged to perform an one-off and in-depth assessment, and pinpoint improvement areas within the information system.

After the on-site assessment, Ringus identified large amount of security vulnerabilities and operational deficiencies, in which IT Team might not have sufficient resource to fix the problem in the short run.
 

Solution

  • Identified network security vulnerabilities and provided technical recommendations
  • Evaluated and commenced internal and external security controls
  • Provided one-year implementation plan: Document Management System and Workflow System enhancement 
  • Provided project management consultation, including project progress, budget, and timeframe.

Result
Through a series of on-site interviews, our security experts have tailor-made a one-year step-by-step implementation plan for the company to perform remediation actions, along with continuous advisory from Ringus. High-priority risk items have been addressed with appropriate corrective actions to prevent the company from security risk exposure in the short run.

In the long run, to reduce the workload of the IT Team, Ringus not only provided suggestions and alternatives for the companies to consider, but also helped integrate the Information Security Management System into the operational workflow in diverse locations.
 
Follow-up
After the assessment, Ringus has consistently updated the remediation process with the company and continually provide implementation advisory mentioned in the assessment report.
An introduction of the standardized policies and procedures has been brought to ensure appropriate security level of information handling in the daily operation.

Benefit 
The one-year implementation roadmap is embedded in the assessment report in a manner that our client can easily follow the remediation plan according to the severity level assigned.

Our team continues to work closely with our client, providing the best managerial and technical implementations advisory that are in line with clientโ€™s missions and visions.
 

More Updates

Further reading

๐—ช๐—ต๐˜† ๐—ฃ๐—ต๐˜†๐˜€๐—ถ๐—ฐ๐—ฎ๐—น ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ฅ๐—ฒ๐—บ๐—ฎ๐—ถ๐—ป๐˜€ ๐—˜๐˜€๐˜€๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น ๐˜๐—ผ ๐—œ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ถ๐—ป ๐—œ๐—ฆ๐—ข ๐Ÿฎ๐Ÿณ๐Ÿฌ๐Ÿฌ๐Ÿญ

๐—ช๐—ต๐˜† ๐—ฃ๐—ต๐˜†๐˜€๐—ถ๐—ฐ๐—ฎ๐—น ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ฅ๐—ฒ๐—บ๐—ฎ๐—ถ๐—ป๐˜€ ๐—˜๐˜€๐˜€๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น ๐˜๐—ผ ๐—œ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ถ๐—ป ๐—œ๐—ฆ๐—ข ๐Ÿฎ๐Ÿณ๐Ÿฌ๐Ÿฌ๐ŸญWe spend so much time talking about firewalls, encryption, and phishing simulations โ€” but what happens when someone simply walks into your server room, steals a laptop, and causes damage to companyโ€™s assets?Why does physical security matter so much? Because many real incidents start physically:๐Ÿ’ซ A tailgater slipping into a restricted area and accessing sensitive systems.๐Ÿ’ซUnlocked desks leaving confidential documents visible to visitors or cleaners.๐Ÿ’ซNatural disasters such as typhoons and flooding disrupting servers, leading to downtime or hardware damage if environmental protections aren't in place.Physical security directly supports the core principles of information securityโ€”the CIA Triad (confidentiality, integrity, and availability) of data and systems. Threats such as theft, tampering, or natural disasters can bypass digital protection entirely.In ISO 27001:2022, physical security is addressed through a dedicated theme under Annex A. Issues like expired fire extinguishers, missing CCTV footage, sticky notes with account passwords, or unlocked server room racks are common findings in an ISO 27001 audit. These are often fixed in a short time but can lead to non-conformities if ignored. Usual physical security practices are as follows:๐Ÿ’ซ Clear desks and screens (e.g. keep sensitive information in restricted areas)๐Ÿ’ซPhysical entry and access control (e.g. door access restriction)๐Ÿ’ซPhysical Monitoring (e.g. CCTV)๐Ÿ’ซetc.
๐—›๐—ผ๐˜„ ๐—š๐—ผ๐—ผ๐—ฑ ๐—”๐—ฟ๐—ฐ๐—ต๐—ถ๐˜๐—ฒ๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ ๐—ฅ๐—ฒ๐—ฑ๐˜‚๐—ฐ๐—ฒ๐˜€ ๐—ง๐—ฒ๐—ฐ๐—ต๐—ป๐—ถ๐—ฐ๐—ฎ๐—น ๐——๐—ฒ๐—ฏ๐˜ ๐—ถ๐—ป ๐—ฆ๐—ผ๐—ณ๐˜๐˜„๐—ฎ๐—ฟ๐—ฒ ๐—ฃ๐—ฟ๐—ผ๐—ท๐—ฒ๐—ฐ๐˜๐˜€

๐—›๐—ผ๐˜„ ๐—š๐—ผ๐—ผ๐—ฑ ๐—”๐—ฟ๐—ฐ๐—ต๐—ถ๐˜๐—ฒ๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ ๐—ฅ๐—ฒ๐—ฑ๐˜‚๐—ฐ๐—ฒ๐˜€ ๐—ง๐—ฒ๐—ฐ๐—ต๐—ป๐—ถ๐—ฐ๐—ฎ๐—น ๐——๐—ฒ๐—ฏ๐˜ ๐—ถ๐—ป ๐—ฆ๐—ผ๐—ณ๐˜๐˜„๐—ฎ๐—ฟ๐—ฒ ๐—ฃ๐—ฟ๐—ผ๐—ท๐—ฒ๐—ฐ๐˜๐˜€Technical debt is often an unavoidable byproduct of rapid developmentโ€”but good architecture ensures it doesnโ€™t become toxic.1๏ธโƒฃ Defines Standards and Enforces ComplianceArchitecture sets clear standards for platforms, data, and security, reducing inconsistencies and redundancies. Guidelines and regular architecture reviews ensure new code complies with best practices, preventing unmaintainable implementations from entering the system.2๏ธโƒฃ Manages Complexity through ModularityModular architecture, such as microservices or well-structured layers, reduces tight coupling and isolates components. This simplifies maintenance, allows teams to work independently, and makes it easier to identify and fix areas of high technical debt before they snowball.3๏ธโƒฃ Enables Scalability and FlexibilityProactive architectural design anticipates future growth and changing requirements. Systems can scale, adapt to new technologies, and incorporate new functionality without extensive rewrites, minimizing long-term debt and maximizing agility.4๏ธโƒฃ Improves Maintainability and Reduces RiskClear structure and documentation provide visibility into system dependencies, helping developers understand the impact of changes. Combined with CI/CD pipelines and automated testing, architecture acts as a safety net, allowing incremental improvements while controlling debt accumulation.5๏ธโƒฃ Aligns Technology with Business GoalsGood architecture ensures systems support business objectives efficiently, balancing speed with quality. It enables sustainable technical choices that maximize ROI while reducing the cost of misaligned or obsolete solutions.In essence: architecture is a strategic investment that turns technical debt from a hidden risk into a manageable, predictable factorโ€”supporting sustainable growth, maintainable code, and long-term innovation.
Hantec Group Annual Dinner

๐ŸŽ‰ Hantec Group Annual Dinner๐ŸŽ‰Celebrating Growth and Togetherness!A wonderful evening filled with laughter, teamwork, and gratitude. The Annual Dinner brought our Hantec & Ringus family together to celebrate achievements, honor dedication, and look ahead to new goals. Hereโ€™s to stronger collaboration, new milestones, and an even brighter 2026 together!

Contact Us