When embarking on a compliance review, we assess every aspect of your organisation's people, processes and technology as it relates to the program under review. We examine your current processes and technologies and consider ways in which security can be enhanced to support the objectives of the business. During the review, we employ a risk-based approach to assess the current security framework and security posture of the organisation.
Our review framework is based on the control frameworks found in ISO, COBIT and NIST. We begin by understanding how your organisation determines its risk tolerance. Is it based on maintaining regulatory compliance, on privacy and security risks, or on industry and/or competitive pressures? Because the factors and values that motivate security differ greatly between organisations, it is important that we understand the risk tolerance drivers.
Next, we interview select individuals and review appropriate documentation. Throughout the review, we develop an understanding of the security management configuration, including security responsibilities, security governance, security policies, security controls, security operations, security monitoring and response procedures.
We develop detailed documentation including a maturity assessment, gap analysis, tactical and strategic recommendations and a detailed roadmap.