IT AUDIT & COMPLIANCE REVIEWS

Service Summary

IT Audit and Compliance
Add Value to Your Business

The IT compliance audit service comprises a full systems audit review in accordance with PCI DSS, SOX, COBIT, ISO 27001 and other standards, covering all respective areas of information security management. An IT audit helps businesses identify the risks associated with the extensive use of IT systems and maintain a controlled business environment for secure operations and business processing.

Process Description

We provide IT audits against a number of international standards, such as ISO 27001, PCI DSS, COBIT, Basel and others. The best practice standard for information security management is ISO 27001, on which we base our standard audit scope and control checklist. If the client has other compliance requirements, we design our audit scope and checklist accordingly.

Our standard audit scope for the ISO 27001 testing procedures includes the following 11 domains of information security:

  • Security Policy
  • Organization of information security
  • Asset Management
  • Human resources security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business Continuity Management
  • Compliance

During our audit procedures we check each control objective for its design, implementation and operating effectiveness, as per the Global Audit Methodology (GAM). The meaning of each of these three stages of testing is described below:

  • Design – a policy / procedure stated and approved by the company
  • Implementation – how the stated policies / procedures are implemented in the systems and business environment
  • Operating effectiveness – how the implemented controls are functioning over time

The main deliverable from the IT audit is an independent IT audit report stating the areas of risk to the business and any control weaknesses that have been noted over the audit period. In some cases, evidence of fraud or override of controls is noted, in which case further forensic investigation procedures may be initiated by the client.

Contacts

NetSafety is an international cybersecurity consulting company with its head office in Sofia, Bulgaria. Our firm's reputation is built on integrity, professional business conduct and a high quality of service in everything we do.

Simply call us to schedule a meeting and discuss your business needs.

NetSafety
Cybersecurity Consultants

E-mail:
team@netsafety.eu

Contact:
(+359) 88 9387598

Office location:
Sofia, Bulgaria