With technology being integrated into every aspect of an organization's processes, the need for IT auditors who understand practical security controls has never been higher. Our consultants have a deep understanding of audit, including traditional audit frameworks such as COBIT, and also have several years of experience in information security with frameworks such as ISO, NIST, PCI DSS, PA-DSS, and HITRUST CSF. This uniquely positions NetSPI not only to provide simple audits, but also to work with organizations' IT and information security governance teams to help design controls that meet stated requirements and are also practical.
Internal IT Audit Services
To supplement Internal Audit's own expertise in the area of IT audit, NetSPI will assist by providing security, technology, and security framework expertise to the internal team. Most often, NetSPI will work cooperatively with internal auditors and conduct audits on behalf of, or as part of, the internal audit. This level of involvement not only provides a virtually seamless transition but also provides effective training opportunities for the continued education and development of internal resources.
Third-Party Audit Services
When an independent opinion is necessary, NetSPI can perform a comprehensive audit of any single entity, ranging from a specific application or business process to a single division or the entire organization. NetSPI will work closely with key project stakeholders to establish audit guidelines and parameters, including any regulatory requirements that may be appropriate. With the audit requirements established, NetSPI will conduct on-site and off-site work as appropriate and will deliver a report of the audit findings. The report includes a prioritized matrix of findings as well as the justification for why each finding was included in the report.
Regulatory Audit Services
NetSPI's unique experience with multiple regulatory standards allows NetSPI to perform targeted audits against specific requirements such as PCI, HIPAA, HITECH, HITRUST CSF, NIST, and ISO. NetSPI can customize audits to target third-party contracts or internal teams or systems, depending on the needs of the organization.
Data Center Controls Review
NetSPI performs a detailed review of all controls in place for a data center, including such items as physical access control, logon/logoff, backup procedures, hardware maintenance, problem reporting and escalation, assigned responsibilities to back up someone who is unavailable, audit logging, and documentation for all procedures.