Audit Offerings

Engagement Type: Annualized Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Information Systems Audit
Provides an overview of the security posture of an information system.

Audit of a selected information system to ensure proper design and implementation best practice is followed; security and audit controls exist and are properly maintained as well as identify technical and business risks associated with management and control issues.

Standard deliverables focus on providing an overview of the security posture of the information system, a report of identified and required security measures for both technical and process issues.

Policy & Procedure Audit
Ensure compliance with industry best practice and enhance organizational security posture.
Audit of current organizational policy and procedures for compliance with standards such as CobiT, ISF Standards of Good Practice, ISO-17799, and additional industry specific requirements.

Standard deliverables provide an overview of the current business situation and detail areas requiring short and long term improvement.

Code Audit
Review code for vulnerabilities and integration of security best practice.

Review developed code (C, C++, Java, .Net, etc) for suitable integration of security precautions and audit procedures to ensure information systems are properly protected and audited. In addition, the audit process searches for technical vulnerabilities and evidence of potentially unauthorized or unintended functionality incorporated in the code.

Standard deliverables focus on providing a review of how the developed code reflects against information security best practice, a detail of vulnerabilities discovered, and a set of recommendations that facilitate immediate security improvements.

Business Continuity / Disaster Recovery Audit
Provides an overview of the effectiveness of BCP/DRP program and facilitates process improvement. Reviews current BCP/DRP plans for compliance with industry best practice. Compare current plans against similar organizations and inventory organizational BCP/DRP practices. Once completed, issues are identified and improvement plans are prepared.

Standard deliverables provide an overview of current BCP/DRP posture and an inventory of current standards, processes and documentation. Recommendations facilitate development of required processes and review procedures to ensure an effective long term BCP/DRP solution.

Compliance Audit
Measure and improve your organizations compliance with identified policies.

Review of selected policies, systems, programs, business processes, organizations and organizational accountabilities to measure compliance levels and identify areas for improvement and budgeting.

Standard deliverables provide a detailed situation analysis, inventory of compliance issues and required controls, risk metrics used, and policy recommendations for further improvement.

Information Asset Classification Audit
Identify and classify information assets throughout the organization. Identifying assets, their locations and value, define how organizations budget the required amount of time, effort and money that is required to secure their assets. Standard deliverables provide an inventory of the assets, details of the accountability of assets, required policy and process templates for ongoing internal information classification and recommendations for process improvements.