Audit

Independent audit and assessment provides management with the assurance that IT controls are designed appropriately and operating effectively. SecureIT’s CISA and CISSP consultants rely on deep technical skills and industry knowledge to understand requirements, assess and evaluate security postures, and provide cost-effective recommendations when deficiencies are found.

IT Audit Co-sourcing/Outsourcing: we invest heavily in ongoing training of our CISAs and CISSPs — so you don’t have to. In fact, we encourage our clients to leverage our people, methodologies, technology, knowledge, and expertise on their own behalf. Depending on your needs, we can perform single audits encompassing all areas of technology or a comprehensive series of audits scheduled throughout the year. We can also provide experienced professionals to supplement your existing IAD resources and help transfer knowledge and build skills internally within your team. SecureIT’s flexible delivery model can support both standard staff augmentation and customized staffing models, such as SME support for technical audits or even full audit teams that will independently plan, execute, report, and oversee the audit. Our IT audit consultants have the skills and experience to address the full range of IT audits, including the following technologies and process audits:

  • Cloud computing
  • Cybersecurity
  • Security logging, event management & monitoring
  • UNIX and Windows servers
  • Database platforms
  • Web infrastructure & applications
  • Virtualization
  • Network security & operations
  • Configuration management
  • System resilience, backup & recovery
  • Agile development and DevOps
  • IT risk management and governance
  • Data management
  • Application security & data integrity

Compliance Audits: we perform independent third-party assessments for a range of security and IT governance related compliance standards. Alternatively, our professionals can advise our clients on security gaps and program enhancements that are required to address compliance requirements and guide remediation actions when gaps are identified. SecureIT’s compliance audit services encompass the following compliance standards:

  • FISMA and NIST 800-53
  • FedRAMP
  • NIST 800-171
  • SOC
  • ISO 27001/27002
  • Sarbanes-Oxley (management testing)
  • PCI DSS
  • HIPAA/HITECH
  • FFIEC

External Audit Support: we work closely with our CPA partners to bring our IT audit expertise to SOX and financial statement audits. Our consultants assess and test IT controls (including both automated application controls and IT general controls) that support reliable financial reporting. SecureIT can also assist CPA firms performing SOC audits by leveraging our information security knowledge to assess and test controls related to Trust Services Criteria or Cybersecurity.

Audit Liaison: we act as facilitator, interpreter, and liaison between our clients and their auditors and regulating authorities. Our experienced consultants can simplify the audit process for IT, create efficiencies, and lessen the load on IT personnel during the audit. SecureIT can also conduct audit readiness reviews to identify and mitigate risks before the auditors and regulators arrive.
