A compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Independent accounting, security, or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls, and risk management procedures throughout a compliance audit.
Independent audit and assessments provide management with the assurance that controls are designed appropriately, and operating effectively
The minimum baseline for all audits is NIST 800-53. This is the framework used for providing “gap analysis” on all systems, from the point of entry to the keyboard. This includes:
The network infrastructure and related appliances
Servers and related components
Desktop and related components
Policies and procedures
Gap Analysis
Audits and Gap Analysis can be performed on-site, remotely, or a combination of both. The typical process will take three to five days to complete depending on the audit level required. The process will include:
Meet with the stakeholders to determine what level of auditing is required and set the expectations.
Review policies and procedures
Perform security and compliance audits
Analyze the audit results and prepare the necessary reports and recommendations
Meet with the stakeholders and review the audit results and recommendations
Prepare an after-action report identifying all issues with recommendations to mitigate any negative findings
Work with the client to prepare and implement a mitigation strategy
Reexamine the areas that required mitigation to ensure compliance
Prepare final report
We perform audits compliance assessments and gap analysis against standards and regulations such as