An audit of information systems is an independent examination and evaluation of an organization's information technology infrastructure, policies and operations. It is an appraisal of the management controls within an information technology (IT) infrastructure. The evaluation of obtained evidence determines
It is a US federal law passed in response to major corporate scandals such as Enron and WorldCom. SOX sets parameters for overseeing, regulating, inspecting and disciplining the accounting, auditing and reporting processes.
Similarly, SOX has changed the way an IT audit has to be done. It requires that adequate controls be in place to prevent fraud, misuse and revenue losses, and it specifies compliance requirements covering controls, detection, timely corrective action, a mechanism for logging exceptions, and audit trails.
A GLBA audit is a mandatory compliance requirement for a financial institution, whether or not it discloses non-public sensitive information. It requires a policy to be in place to protect the information system from foreseeable threats to security and data integrity.
It safeguards client and customer privacy rights. The GLBA audit helps to check whether measures such as pretexting protection are working effectively to protect against malicious acts like phishing.
GRC is a discipline that aims to orchestrate three areas namely Governance, Risk and Compliance.
Governance comprises the policies, procedures and processes laid down by management that establish the organisational structure and set the direction for achieving organisational objectives through effective and efficient use of resources.
Risk management deals with detecting risks and tackling them to enable smooth and sustained functioning.
Compliance deals with the adherence to applicable mandatory laws and regulations laid down by regulatory authorities.
Enterprise Risk Management (ERM) is a widely used process applied as part of strategy, designed first to identify possible events that may affect the entity and second to manage the detected risks so as to keep them within the enterprise's
The PCI Security Standards offer comprehensive standards and supporting resources to raise the level of payment card data security. It is a widely adopted proprietary IS security standard. It has been designed for the various companies that deal with branded
ISO 27001 is an international best practice and a systematic standard for Information Security Management Systems (ISMS). An ISMS integrates people, processes and IT systems to secure the confidentiality, integrity and availability of sensitive or secret information. Moreover, it provides for certification by an independent body that security conforms to the standard as closely as possible.
ISO 27001 security audit services provide independent review of, and assurance over, your IS security practices. They identify shortcomings in how the risk of information-asset leakage is identified and managed. This helps to gain the credibility and trust of stakeholders.
SAS 70 requires service organisations to undergo an in-depth assessment of their control objectives and control activities. A SOC 1 report gives the auditors' opinion on the description of the system and services provided by management, and on the accuracy and completeness of the controls along with their operating effectiveness. The SOC 3 audit report is based on the "Trust Service Principles" and states whether or not the enterprise has met trust criteria such as WebTrust and SysTrust.