IT Control Testing:
Determine Operational IT Control effectiveness and process development for Application and Network services for the following procedures:
- Problem, Incident & Change Management
- Risk Management
- Issue Management
- Portable Storage Media
- Identity Access Management
- Password Management
- Health Checking
- Service Activation & Deactivation
- Intrusion Detection and Vulnerability Testing
- Patch Management
- Physical Security Controls for Controlled Areas
KCO (Key Controls Over Operations) Auditing – SSAE16 – Ensure confidentiality, integrity, and availability of information systems and data. SOC 1 and SOC 2, Type II control testing
IT SOX (Sarbanes Oxley) 404 – IT Control testing
- Information Systems Environment
- Physical Access and Environmental
- Logical Access Controls and System Security
- Computer Operations
ISO27000 – Risk Assessments & Monitoring
HIPAA – Ensure compliance with 45 CFR Part 164 requirements for Technical, Administrative, and Physical Safeguard Assessments.
PCI – Risk Assessments – Ensure and maintain a secure environment for companies that process, store or transmit credit card information.
Ensure that effective methods and policies are used to authenticate the identity of customers and processes, and ensure that programs are in place to protect sensitive customer information.
FFIEC – Perform an overview of your risk management framework for financial institutions that offer Internet-based products and services to their customers. Ensure that effective methods are used to authenticate the identity of customers and processes and develop programs to protect sensitive customer information.
- IT Network Assessments
- Risk Assessments
- IT Control Audits
Compliance & Security Plans:
- COA – Council on Accreditation (Human Services)
- JCAOH – Healthcare
- CARF – Commission on Accreditation of Rehabilitation Facilities
- HIPAA – Act as Corporate Privacy Officer and develop corporate compliance programs