Identify, Manage, and Reduce your Risks

 

Compliance Assessments and Audits 

IT Compliance

Altius IT provides Information Technology compliance audits and assessments to help organizations meet standards and guidelines including:

  • Sarbanes-Oxley - new and enhanced standards for public company boards and management
  • Gramm-Leach-Bliley Act - protect personal financial information held by financial institutions
  • ISO 27001 - IT security techniques and management
  • ISO 27002 - IT security techniques & best practices security management (previously 17799)
  • HIPAA - standards for health care transactions, security, and privacy of health data
  • PCI - Payment Card Industry requirements include quarterly network security scans

Who Needs Assessments

Altius IT's compliance audits and assessments are ideal for ensuring compliance mandated by:

  • Industry regulations and requirements
  • Clients and customers in regulated industries
  • Management responding to requests from customers
  • IPO-ready organizations
  • Organizations concerned about security
  • Organizations in regulated industries such as financial services and health care
  • Firms working with the government or large institutions
  • Organizations that share and collect personal and/or proprietary data

Audit and Assessment 50 Point Work Plan

Altius IT’s audits and assessments are customized to meet compliance requirements.  Our services review and analyze 50+ different subject areas including:

  • Security Policies - ensure security policy provides direction in accordance with business requirements and relevant laws, regulations, and standards.
  • Organization structure - review direction, commitment, and assignment of responsibilities; review external party access and access controls.
  • Asset management - ensure the organization's assets are appropriately protected and that information receives an appropriate level of protection.
  • Human resources security - review HR related policies and procedures prior to employment, during employment, and at termination or employment change.
  • Physical and environmental security - review secure areas, access, and equipment related security controls.
  • Operations management - review backups, anti-virus, email, licensing, software patching, laptops, PDAs, third-party services, media handling, etc.
  • Access control - review and identify access to information, user responsibilities, network access controls, operating system controls, and application controls.
  • Acquisition and development - review and identify controls that prevent errors, loss, unauthorized modification, or misuse of information in applications.
  • Incident management - review and identify reporting of information security events and weaknesses, review management of information security incidents and improvements.
  • Business continuity - review and identify controls to protect against interruptions to business activities and protect critical business processes from effects of major failures.
  • Compliance - compliance with legal requirements, security policies and procedures, and technical compliance.

Deliverables

Our deliverables include a report of our findings as well as recommendations, and a prioritized Action Plan. The entire Work Plan takes from one week to as long as three months, depending upon the scope.  Please see the Altius IT Roadmap (AIR) for more information.

Certification

Upon completion of our services, Altius IT provides a certification letter for distribution to your customers, clients, and prospects.  We also provide you with the Altius IT Secure Seal that can be prominently placed on your website.  This provides peace of mind that sensitive information remains secure.

Why Altius IT

We are certified by the Information Systems Audit and Control Association as Certified Information Systems Auditors (CISA).  Altius IT's experts provide outside, independent assessments that help organizations:

  • Achieve compliance with industry standards
  • Develop strong relationships with your customers
  • Minimize business and IT related risks
  • Reduce costs while ensuring information protection