IT Audit

Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, FDIC, NCUA, OCC, OTS) require an organization to conduct independent audits of its Information Security Program. An IT Security Audit verifies that the organization’s current security controls line up with the standards established by the FFIEC or with Best Practices based on international standards such as ISO 27001, COBIT 4, etc.

Solution Overview

The TraceSecurity IT Security Audit process meets this requirement by evaluating the effectiveness of and adherence to your organization’s Information Security controls as determined by your organization’s Risk Assessment or relevant regulations.

The process includes procedures to collect and examine data and practices that affect the effectiveness of the security program, and to help identify the causes of deficiencies. Additionally, the examination process includes the ability to archive the data used to support audit conclusions, with clear audit trails.


Some of the services in the TraceSecurity IT Security Audit include:

  • Access and Authentication
  • Acquire & Maintain Application Software
  • Audit and Accountability
  • Change Management
  • Contingency Planning
  • Data Security
  • Host Security
  • Incident Response
  • Media Protection
  • Network and Security Monitoring
  • Personnel Security
  • Physical and Environmental Protection
  • Service Provider & Policy Review

TraceSecurity Information Security Analysts (ISA) conduct the independent verification by reviewing the relevant documentation and performing interviews/walkthroughs.

Documentation includes the policies, procedures and checklists that define and/or support the IT controls. The interviews and walkthroughs, which are conducted with key personnel from the organization, are performed to validate adherence to the documented policies & procedures, as well as to corroborate the practices described during the interview process.

The IT Audit results are provided in an extensive report containing:

  • Introduction
  • Executive Summary
  • Remediation Action Plan
  • Detailed Audit Results
  • Control Descriptions & Verification Procedures
  • Supporting Documentation

Related Solution

Although the IT Security Audit process should be a continuous function, many organizations find it cost-prohibitive to use third-party vendors to perform the necessary audits and manage the process on an ongoing basis. Plus, tapping in-house personnel may create an undue strain on internal resources.

That’s why TraceSecurity developed its IT Audit Manager solution, which provides a seamless transition to an in-house managed IT Audit program. TraceSecurity’s IT Audit Manager helps automate the audit process so that an organization can efficiently perform its own on-demand IT Security Audit in a cost-effective manner.

Overview of IT Audit Manager

TraceSecurity IT Audit Manager is a specialized module contained within TraceSecurity’s Compliance Manager (TSCM), a comprehensive web-based software solution that provides access to a host of security compliance products organizations use to manage an ongoing security compliance program.

This solution provides the following benefits:

  • Minimizes implementation and management costs to the organization.
  • Eliminates the impact on the organization’s network utilization.
  • Saves time during the examination process.
  • Reduces the employee time associated with the deployment.
  • Makes the solution available to any authorized user, anytime and anywhere, with an internet connection.

How does TraceSecurity IT Audit Manager enable an organization to perform regular IT audits?

With TraceSecurity IT Audit Manager, your organization can ensure that its internal IT Audit is performed using regulatory and Best Practices guidelines. These guidelines will help the organization efficiently compile and evaluate the pertinent organizational data related to governance, controls, policies, and procedures to prepare for regulatory or independent IT audits. The business and regulatory standards are then analyzed against organizational standards and regulatory controls. The solution aligns closely with FFIEC and Best Practices Audits and radically simplifies the audit process for the organization.

TraceSecurity IT Audit Manager empowers your IT staff to develop standard, repeatable IT Audit processes that are thorough, simple, and most importantly, accurate.

 

TraceSecurity IT Audit Manager offers many benefits to your organization:

  • Reduces employee resource costs of IT audits
    • Streamlines the entire IT audit process through a preconfigured online questionnaire model.
    • Manages the audit trail and supporting documents, which increases efficiency and reduces the time needed to perform future audits.
    • Expert-guided procedures shorten the audit period.
    • Color-coded flags simplify the process, allowing a partially completed audit to be saved and finished at a later time.
    • Leverages previous audit responses to minimize the time associated with controls that have not changed since the previous audit.
  • Develops a standard, repeatable audit process
    • Can be built directly off the organization’s risk assessment.
    • Features customizable levels of audit.
    • Online questionnaire guides multiple employees through the same audit methodologies providing a standardized audit process.
  • Creates standardized, accurate reports and thoroughly prepares the IT department for audits by regulatory boards
    • User note section helps create the audit trail and lessens the time wasted trying to track information during examiner review.
    • Creates a concise executive summary for management, board of directors and auditors.
    • Consistent reporting allows easy referencing during audit reviews.

 

Download "The Key to Continuous Compliance", which explains the value of having qualified experts properly identify and evaluate information risk through a comprehensive risk assessment.