Compliance Preparation and IT Audit
Planning, Liaison, Remediation, Testing, Certification
SSAE 16, PCI, HIPAA, GLBA, SOX, DRP, BCP, Penetration Testing, Internal IT Audit - Tampa, Miami, and Nationwide
Traditional Audits and Audit-READY certification cover a spectrum of IT-related controls expected by corporate management, regulatory agencies, and other outside parties. Designations for each type of audit and sub-categories for certification include:
ITGC Information Technology General Controls
Review consists of an evaluation of general controls in an IT environment, including, but not necessarily limited to, IT Administration, Operations, Physical and Logical Security, and Management Oversight & Governance.
ITAD Information Technology Application Development
Reviews the application development and deployment/SDLC process and the effectiveness of application security controls.
ITPO Information Technology Project Oversight
Consists of monitoring, evaluation, and input throughout the life-cycle of IT projects, including review of project plans, milestones, change management, and appropriate reporting, while keeping the project in line with audit standards and expectations of outside parties.
ITRR Information Technology Regulatory Review
Consists of our ITGC and/or ITAD reviews, plus additional testing of controls required by regulatory agencies, depending on the audit client's specific industry. For example, Healthcare, Insurance, and Pharmacy organizations will likely require additional controls mandated by HIPAA. Food/beverage/pharmaceutical manufacturing clients are often reviewed by the FDA. Financial service and Banking clients are regulated by GLBA privacy and others. Publicly traded companies require controls that satisfy the Sarbanes-Oxley Act (SOX). We work to ensure the audit scope and certification include our testing of controls required by outside parties.