We conduct ISMS audit to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach. ISMS audit demonstrates any company’s approach towards information security and privacy. In ISMS audit, our set of deliverables are as follows:
Documentation review
This is a review of company’s policies, procedures, standards, and guidance documentation to ensure that it is fit for purpose and is being reviewed and maintained
Evidential audit
This is an audit activity that actively samples evidence to show that policies are being complied with, that procedures and standards are being followed, and that guidance is being considered
Analysis
Apart from the documentation review and/or evidential sampling, our team assesses and analyses the findings to confirm if the standard requirements are being met
Audit report
An audit report is also formally prepared and submitted adhering to the industry best standards
The purpose of this activity is to review the IT infrastructure for gap analysis. We conduct a project kick-off session, approximately one business day in length, at a mutually agreeable time at CLIENT designated office (“Kickoff Meeting”). This session is conducted between the client’s point of contact and the designated team to:
- Identify security controls in-scope departments that include application, network, and operating system access control.
- Analyze all relevant policies and SOP documents, network diagrams, applications, systems, network equipment and list of controls, identification of assets in scope of gap analysis.