
Tech Audits

What systems do security and availability audits cover? A fair question!

Well, the hard truth is that identifying this is your responsibility as a system owner, not the duty of an auditor. Don’t sit around waiting for auditors to show up, expecting them to answer this question.

Simply put, everything and anything within your ecosystem that may interrupt business continuity should be part of the audit. This can easily include systems that do not even reside in your ‘PROD VPC’, or are not even tagged as ‘Production’.

You’ll be surprised how many times it comes down to a small, neglected server that sits in the corner and that very few folks know about, yet holds a critical role in your supply chain processing, or in mailing important notifications and updates to clients.

Do a true/practical risk assessment, identify your systems, minimize your exceptions, properly document your findings, and present them as the lay of the land; your auditors will be very thankful.

Security Assessments

The deal with security compliance assessments and certifications is not just about that annual or bi-annual point in time, during which auditors certify your establishment as compliant. It’s about whether your organization and all of its individuals follow security guidelines and best practices as outlined in the assessment during their day-to-day operations.

Remember: once auditors issue a compliance certificate and leave your office, from that point forward, your security is as good as your staff’s training and their discipline in following security controls.

This is an everyday thing, not a once-or-twice-a-year thing!