
Information Security and Technology Consulting
Operations and Security
Achieving Security believes good security and financial acumen is about:
- Having well-designed controls with audit points
- Ensuring the necessary policies and standards defining controls are documented and available
- Performing periodic engineering reviews and/or actual audits of the controls and their efficacy

Operations and Security Controls Design and Reviews.
Standards like ISO 27001, Sarbanes-Oxley, SSAE 18, and GDPR state requirements, but they do not give the direct controls that achieve those requirements in your operational setup. Let us work with your team to create a controls framework, document it, and see it in action.

Process and Controls Documentation.
ISO 27001 requires documentation for the 114 controls that are addressed by the security standard. Any SSAE 18 (e.g. SOC 1 Type 2) financial audit will want to review controls documentation. We have templates from prior work to put such documents together quickly and professionally.

Compliance.
Whether you need to pass a financial (e.g. SSAE 18) audit with review of related IT controls, gain or renew ISO 27001 certification, or comply with GDPR or other privacy standards in the regions you serve, we can help you define and document controls, create audit checkpoints and data, and set up a review process of continuous improvement to keep you in good stead from an audit and regulatory perspective.