Control Audit Preparedness

A test against your in-scope control frameworks (e.g. ISO27001, SOC2, HITECH, FISMA, GDPR) in advance of pursuing organizational attestations and certifications

Know where the organization has exposure to risk in advance of paying for auditing and certification tests and unforeseen remediation costs. Identify the risks pointedly against your requirements ahead of time to prepare on your own terms.
Anyone with an organization that collects, manages and stores data about any person anywhere that may have crossed geographical boundaries or is in a regulated industry (e.g. financial, medical, ...)
Straight consulting
As per project requirements and scale
Industry attestation and certification processes can be arduous, extensive and expensive. They are standard procedure among larger corporations, which can afford them. Now all companies that are digital must submit to at least one set of industry or jurisdictional standards to protect users and shareholder liability. These are new to most businesses and their leaders and, when performed properly, can be a competitive advantage. It is actually a way to reduce costs in both the near and long term.

A document that depicts:

  • Lists of in-scope control frameworks
  • Lists of in-scope auditable items in control environment
  • Lists of stakeholders interviewed
  • Lists of non-compliant control items
  • Explanations of exceptions and what they represent to the organization
  • Lists of next steps for each