Technical Compliance Advisory
The technical compliance world can be daunting. There are several frameworks, affectionately referred to as the “alphabet soup of the tech world,” that can be implemented across your organization. We help you assess which ones you actually need and manage the implementation of the chosen framework from start to finish.
IT Sarbanes Oxley (SOX)

IT SOX testing is required for publicly traded companies. Management certifies its internal controls in every quarterly 10-Q and annual 10-K filed with the Securities and Exchange Commission (SEC), and your external auditors must opine on internal control over financial reporting, including the IT general controls (access, change management, and operations) that support it, in the annual 10-K. We operate as your internal auditors and also serve as management’s advisors for all items related to IT SOX.
SOC 1

SOC 1 reports are commonly requested during due diligence by publicly traded customers, whose own auditors rely on them. A SOC 1 gives your customers assurance that you have adequate internal controls over the services that affect their financial reporting. SOC 1 reports are most relevant to companies that provide financial services, billing, or payroll to customers. A Type 1 report covers control design at a point in time; a Type 2 report also tests operating effectiveness over a period, and is what most customers expect.
SOC 2

SOC 2 reports are also commonly requested during due diligence, driven by the general increase in cybersecurity concerns around the globe. A SOC 2 gives your customers assurance that you have cybersecurity controls in place and are handling their data properly, measured against the AICPA Trust Services Criteria (security is mandatory; availability, processing integrity, confidentiality, and privacy are added as your customers require). SOC 2 reports are relevant to most SaaS providers that handle customer data.
General IT and Cybersecurity Frameworks: NIST, CIS 18, ISO

As the technical world evolves, executives want assurance that technology controls and cybersecurity are effective across the organization. A few general security frameworks, such as the NIST Cybersecurity Framework, the CIS Critical Security Controls (18 controls in version 8), and the ISO 27000 family, can be documented and tested to obtain assurance around your IT and cybersecurity programs and to assess their overall maturity.
International Organization for Standardization (ISO)

ISO standards are internationally agreed-upon guidelines and specifications, developed by experts, that help ensure products, services, and systems are safe, reliable, and of good quality. For security programs the most relevant is ISO/IEC 27001, which specifies an information security management system and is certified by an accredited external body. While we are not external assessors for ISO certifications, we act as your advisor and implementer of controls.
Payment Card Industry Data Security Standard (PCI-DSS)

PCI DSS is a global set of security standards and requirements for any organization that stores, processes, or transmits cardholder data. Larger merchants and service providers are assessed by a Qualified Security Assessor (QSA); smaller ones may self-assess. While we are not external assessors for PCI DSS Attestations of Compliance (AOCs), we act as your advisor and implementer of controls.
Federal Financial Institutions Examination Council (FFIEC)

FFIEC is a U.S. government interagency body that sets uniform principles, standards, and reporting forms for examining financial institutions, ensuring consistent supervision across federal and state regulators. Its IT Examination Handbook is the basis for the technology and cybersecurity portions of those examinations, and we help you prepare for them.