If you are in the banking industry or another sector with strict PCI DSS compliance needs, then security audits are a way of life for your organization, along with Report on Compliance (ROC) and Attestation of Compliance (AOC) statements.
The most common trigger for seeking a Security Audit Remediation Plan is that your company has already performed a pre-audit gap analysis that found issues, or has undergone a formal audit that received a less-than-passing ROC from the QSA (Qualified Security Assessor).
WHAT DO YOU DO WITH SECURITY GAPS WHEN YOU FIND THEM?
In the worst scenario, when you've already received a less-than-passing ROC from your Qualified Security Assessor (QSA), you MUST act quickly. But even if your security measures are passable, you may be looking for additional help with going beyond minimum guidelines.
Our experienced security specialists are fully qualified to assist you in creating and/or executing a remediation plan to help your organization meet or exceed any or all regulatory requirements in the area of information security, including PCI DSS, CIP, GLBA, HIPAA, IRS Publication 1075, Sarbanes-Oxley, COBIT, FISMA/NIST, FTC Red Flag rules, state privacy and data breach notification laws, and others.
Maintaining Independence and Objectivity
Now that you're ready to get help with creating your Security Audit Remediation Plan, make sure that the process is both objective and independent. What this means most often is a separation between the person or organization that performed your audit and the one that plans and executes the remediation.
Many companies perform both audit and remediation, which can lead to a loss of objectivity. Our work is generally performed after the audit, keeping our work independent of the original performing QSA and objective in its planning and execution.
The experience you need
Our security professionals are experienced in working with organizations of various sizes and industries while helping to address the following areas of remediation planning:
- Control Development
- Process and Control Documentation
- Remediation Support
- Controls Testing
- Targeted Testing