Quarterly Audit

As of Q1 2025, Novatura have put together a process for performing routine maintenance checks and implementing operational security measures to ensure the ongoing health and security of sites that we host.

It is hoped that by performing these checks, we can achieve the following:

  • Improve preventative measures against cyber-attacks
  • Improve confidence in our ability to protect customer data
  • Be more proactive when it comes to site maintenance
  • Make a start on compliance with ISO27001 and CE+ requirements as accepted industry standards for cybersecurity and information security

The audit should be performed at the start of every quarter by an engineer, referred to as the auditor.

The SharePoint folder Cybersecurity & Compliance has been designated for storing audit reports. The structure is as follows:

Cybersecurity & Compliance
├── Projects
│   └── [Site Name]
│       ├── Audits
│       ├── Evidence
│       └── Token Register.xlsx
├── Templates
│   └── Laravel Quarterly Security Audit Worksheet.docx
├── Evidence - General
└── Incidents

Subdirectories in the Projects folder refer to sites (deployments), not clients. Each site requires its own set of audits.

Please store completed audits in the Audits folder as PDFs.

Use the Evidence folder to store any file-based evidence required by an audit report.

Token Registry.xlsx is a spreadsheet used to track token rotations for a project. For more detail, read here.

These are the templates used for audit reports.

The audit template can be found here.

Before filling it out, please copy it to a temporary location instead of directly editing the template.

When finished, export it as a PDF and save it to the appropriate site’s Audits folder. The auditor may present their findings in the next Friday Review Meeting, so that remediation can be planned and followed up.

Here are instructions on how to perform some of the operational measures we have in place.

TODO