Audit & Compliance
Enterprise Security Audit services are designed to help clients determine the security posture of their IT platform. Our consultants work with clients to review their information security architecture, their technical and compliance controls, and their overall security program.
These assessments review the following areas:
Information Security Policy
Human Resource Security
Physical and Environmental Security
Communications and Operations Management
Information Systems Application Development and Maintenance
Information Security Incident Management
Business Continuity/Disaster Recovery
Enterprise Security Audit services can be expanded with additional consulting services, including policy review, configuration review, penetration testing, testing against additional regulatory or compliance requirements, and risk assessment.
We conduct audits against the audit standard appropriate to the client, such as HIPAA, FACTA, FedRAMP, PCI DSS, NIST, NYDFS, or SOX. We also conduct general IT security audits using the SANS Top 20 Consensus Security Controls (now maintained by CIS as the CIS Critical Security Controls), which are cross-mapped to the other major security standards.
Our compliance audit process consists of the following modules:
Kickoff meeting to discuss client goals and compliance standard
Documentation gathering and review
Technical Assessment to support controls testing
Remediation and Review
All our audit consultants have Statement on Standards for Attestation Engagements (SSAE) 16 experience or hold at least one of the following certifications: Certified Internal Auditor (CIA), Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), Certified Government Auditing Professional (CGAP), Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Government (CIPP/G), Certified Information Systems Security Professional (CISSP), Fellow of Information Privacy (FIP), or HealthCare Information Security and Privacy Practitioner (HCISPP).