View document in PDF format
Rob Reardon is the corporate director of Internal Audit for Gibraltar Industries, a Buffalo, N.Y.-based manufacturer, processor, and distributor of products for the building, industrial, and vehicular markets. Gibraltar has been using SekChek IT auditing and assessment tools since early 2006.
Gibraltar is a large, geographically disbursed company, with 84 facilities in 27 states, Canada, China, England, Germany and Poland. The company is publicly traded with $1.3 billion in annual revenue. Gibraltar’s common stock is a component of the S&P SmallCap 600 and the Russell 2000® Index.
Rob Reardon’s Internal Audit group uses SekChek’s tools to audit and assess Gibraltar’s IT security, ensuring it is in compliance with Sarbanes-Oxley (SOX) requirements. “I had used SekChek in my previous company, where it was introduced to us by Deloitte, our external auditor. When I joined Gibraltar, I brought SekChek with me as a tool for evaluating the security of our various IT systems,” says Reardon.
For an organization that wants to collect detailed data about the effectiveness of its system controls, SekChek offers several advantages over other methods of security assessment and reporting, says Reardon.
“Our information systems run on multiple operating systems, including OS/400, UNIX and Windows. Instead of using separate security analysis tools for each of these systems, I use SekChek. I had to purchase an analysis tool for an Open VMS operating system that cost $10,000, so the ability to use SekChek on multiple operating systems is very advantageous. In addition, I pay as I go for each analysis with SekChek. I don’t have to buy software or pay maintenance fees. It is a very cost effective solution.”
Using SekChek allows Reardon to budget just for the individual systems he needs to review. “SekChek is easy to execute, providing complete assessments in as little as 24 hours – and, the process is secure, utilizing complex but user-transparent encryption procedures,” he adds.
“The SekChek assessment process provides us with clear, readable reports with actionable items to address to improve our security, as well as valuable evidence to demonstrate that our security controls are in place. Other security analysis tools I have seen identify security risk issues but do not provide the detailed recommendations that SekChek provides.
“SekChek provides our management team with cost effective, reliable and easy to understand evidence regarding our IT security. The SekChek security analysis provides us the tool we needed to ensure we are in compliance, and prepares Gibraltar for external audit review,” says Reardon.