Physical Audit of Facilities, Procedures, and Quality Control
Our company is engaged in an ongoing effort to ensure the security and integrity of the internal and external processes that protect the intellectual property assets of one of the world's leading global tech giants.
Information technology systems come with a list of scheduled maintenance items and best practices, and your IT organization should have a run-book or checklist of security features to audit on a periodic basis. You can do many of them yourself, but there’s no substitute for having an independent third-party expert check for.
Why undertake independent 3rd party periodic assessments?
There is a long list of reasons why you want to do periodic assessments and an equally long list of reasons why you should. An increasing number of organizations are bound by governmental regulations that dictate what security measures you should have in place and how they should be audited. HIPAA, PCI, FISMA, Sarbanes-Oxley, and Gramm-Leach-Bliley all dictate how to secure different types of data and the systems that manage it. They also require regular security posture assessments, though they vary on specific requirements and time frames.
Even if you are not bound by any of these governmental regulations, you still might want to use them as resources to help guide your own IT security practices. ISO 27002 is a good generic security standard, and we discussed the value of FISMA to every organization in the Q4 2006 issue of The Barking Seal.
There are many benefits of doing third-party periodic assessments beyond simply complying with government regulations. Undertaking regular assessments can help you:
- Determine whether your security has already been compromised
- Stay aware of the latest security threats; with new attacks coming every day, you could become vulnerable even if nothing has changed since your last audit or assessment
- Benchmark your staff, the effectiveness of your procedures, and the state of your IT security
- Increase awareness and understanding of IT and physical security issues throughout your company
- Prioritize security investments and focus on the high-impact issues
- Demonstrate to your stakeholders that security is important
Accounting & HR Compliance and Business Process Consulting
Compliance, Privacy, and Accountability are the hallmarks of every great organization today. Our team has been engaged to ensure the effectiveness and appropriateness of processes and procedures in a variety of organizations.