Audit & Compliance


Enterprise Security Audit services are designed to help clients determine the security posture of their IT platform. Our consultants work with clients to review their information security architecture, technical and compliance controls and their overall security program.

These assessments review the following areas:

  • Risk Management

  • Information Security Policy

  • Organizational Security

  • Asset Management

  • Human Resource Security

  • Physical and Environmental Security

  • Communications and Operations Management

  • Access Control

  • Information Systems Application Development and Maintenance

  • Information Security Incident Management

  • Business Continuity/Disaster Recovery

  • Compliance

Enterprise Security Audit services can be expanded with additional consulting services, including policy review, configuration review, penetration testing, testing against additional regulatory or compliance requirements, or a risk assessment.

Methodology:

We conduct audits using the appropriate audit standard, such as HIPAA, FACTA, FedRAMP, PCI, NIST, NYDFS, or SOX. We also conduct general IT Security audits using the SANS Top 20 Consensus Security Controls, which map to all other security standards.

Our compliance audit process consists of the following modules:

  • Kickoff meeting to discuss client goals and compliance standard

  • Documentation gathering and review

  • Interviews

  • Technical Assessment to support controls testing

  • Reporting

  • Remediation and Review

All our audit consultants hold at least one of the following credentials: Statement on Standards for Attestation Engagements (SSAE) 16 experience, Certified Internal Auditor (CIA), Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), Certified Government Auditing Professional (CGAP), Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Government (CIPP/G), Certified Information Systems Security Professional (CISSP), Fellow of Information Privacy (FIP), or HealthCare Information Security and Privacy Practitioner (HCISPP).