IT Audit / Compliance Assurance Program

• Do you understand all of your compliance obligations?
• Do you lack the time necessary to prepare for your next audit?
• Do you need to reduce the overall cost of compliance?

One of the most costly and time consuming aspects of IT management is dealing with auditors. Organizations struggle to ensure that their business technology infrastructures are secure and compliant with regulations and with industry and company policies. InfoSight understands this. We help organizations of all sizes achieve, maintain and demonstrate IT security compliance while significantly improving their security posture. Through a combination of products and professional service solutions, we help address all critical components of a successful IT Audit / Compliance Assurance program, including people, processes and technologies.

The mistake many organizations make is to look at compliance as a one-time task when, in reality, it is an ongoing process that requires constant monitoring and updating. Because it is nearly impossible to predict what new compliance regulations are down the pike, you need a trusted partner like InfoSight to assess your network vulnerabilities and to customize a strategic solution and IT Audit /Compliance Assurance Program to protect your organization.

To make sure deadlines are met and requirements aren't falling through the cracks, we’ll help you design, implement and effectively manage a process that integrates and tracks the demands of auditors. Our comprehensive and easy-to-understand reports have been successfully used by organizations to pass thousands of audits. A sampling of our services include:

Information Assurance Process Testing (IAPT)
The Information Assurance Process Test suite is a series of process examinations which seek to discover potential risks and flaws in existing non-technical security processes implemented within the organization. This assessment may include areas as diverse as:

• Governance and Management Structure Security and Efficacy Testing
• Information Security Policy Implementation Testing
• Personnel Security Testing (Background Checks and Screening, Confidentiality, Non-disclosure, and Authorized Use Agreements, Job Description)
• Risk Assessment Process Testing and Risk Management Procedural Testing
• Security Process Controls Testing
• Third Party Vendor Security Testing (SAS70 Reviews, Policy Validation)
• Insurance Validation Testing

Regulatory Framework Compliance Review (RFCR)
If an organization is subjected to state and/or federal regulations as part of their core business, they may be required to follow one or more established compliance frameworks. As such, InfoSight’s Regulatory Framework Compliance Review can assist an organization in determining their compliance to such frameworks prior to the arrival of auditors and examiners. This assessment is conducted against the frameworks an organization is required to comply with, and can vary from engagement to engagement. The security tests performed during the Regulatory Framework Compliance Review include the following:

• PCI Compliance Review
• COBIT Compliance Review
• SOX 404 Compliance Review
• GLBA 501(b) Compliance Review
• BSA Compliance Review
• HIPAA Data Security Compliance Review
• Red Flag Identity Theft Review

Don't face compliance issues alone. Contact us today to learn how InfoSight can help you ensure continuous compliance with internal policy and regulatory mandates.

Complementary Services
Vulnerability Scanning
Email Encryption
Information Security Awareness Training