IT Audit
A security audit performed against IT security controls
FRSecure performs a full array of information security assessments and audits including FISMA, ISO Certification, NERC/FERC, FDA, SEC, FINRA, SOX, and more. If you’re looking for an assessment, we’ve likely done it before, and are happy to discuss your needs with you. Call us today.
What is an IT Audit
IT Audit is a term primarily used by banks and credit unions when complying with GLBA and NCUA security requirements. The term IT Audit generally refers to an assessment of IT controls in the following areas (although this differs from organization to organization):
- External Penetration Test
- Internal Vulnerability Scan
- IT Security Policy Assessment
Because the definition of an IT Audit varies, we’d encourage you to spend a couple minutes on the phone with our team so we can determine exactly what you need and deliver the best possible outcome for you.
Why would I want one?
An IT Audit is very similar to a Network Security Assessment. If you are not a bank or a credit union, we would encourage you to consider a full information security assessment or a network security assessment instead.
IT Audits are generally required for regulatory compliance with GLBA and NCUA.
What makes FRSecure different?
Even though IT Audits are highly technical audits, the experience of the auditor plays a significant role in determining the value of the audit over and above mere compliance. FRSecure’s experts have years of specific industry experience, but also come from backgrounds where they’ve been on your side of the table. As such, they understand the challenge of balancing security needs with budgets, and they understand how to make recommendations that are realistic and doable.
What are the deliverables I should expect?
Deliverables for an IT Audit are (in general):
- External vulnerability assessment report and recommendations (penetration test)
- Internal vulnerability assessment report and recommendations
What does an IT Audit cost?
The cost of an IT Audit is determined by the specific components you need. We take into account your organization’s size, complexity, industry, compliance requirements, and most importantly, your actual needs. Because of our tailored approach, all you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.