Compliance Audit

A compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Independent accounting, security, or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls, and risk management procedures throughout a compliance audit.

Independent audits and assessments provide management with assurance that controls are designed appropriately and operating effectively.

The minimum baseline for all audits is NIST 800-53. This is the framework used for providing “gap analysis” on all systems, from the point of entry to the keyboard. This includes:

  • The network infrastructure and related appliances
  • Servers and related components
  • Desktop and related components
  • Policies and procedures

Gap Analysis

Audits and gap analysis can be performed on-site, remotely, or as a combination of both. The typical process takes three to five days to complete, depending on the audit level required. The process includes:

  • Meet with the stakeholders to determine what level of auditing is required and set expectations
  • Review policies and procedures
  • Perform security and compliance audits
  • Analyze the audit results and prepare the necessary reports and recommendations
  • Meet with the stakeholders and review the audit results and recommendations
  • Prepare an after-action report identifying all issues with recommendations to mitigate any negative findings
  • Work with the client to prepare and implement a mitigation strategy
  • Reexamine the areas that required mitigation to ensure compliance
  • Prepare final report

We perform audits, compliance assessments, and gap analysis against standards and regulations such as:

  • ISO 27001
  • NIST/FISMA
  • SOX
  • SOC2
  • HIPAA/HITECH
  • FFIEC
  • C2M2
  • ISM3