IT compliance, also referred to here as IT audit, is a set of specialized audit activities whose purpose is an independent assessment of the current state of an organization's information infrastructure, information security, information systems and business processes.
An IT compliance audit measures the organization against benchmark criteria, which may be the company's internal policies or external requirements. The obligation to meet these requirements is set by industry legislation and by corporate or international standards in the field of information security.
The audit evidence gathered while assessing infrastructure, systems and processes is compared with the reference criteria; qualified conclusions are drawn on that basis and an audit report is issued.
Although the breaches most widely discussed in the press were caused by vulnerabilities in the software itself, attacks most often succeed by exploiting "vulnerabilities" in human behaviour. Over 80% of successful intrusions into information systems are attributed to the human factor. People make erroneous decisions in specific situations because they do not know, ignore, or abuse the established rules for using information technology, rules that were created precisely to prevent such cases.
Strict adherence to information security policies significantly strengthens the company's resilience against current cyber threats.
Our company's specialists will improve existing management processes, identify implicit risks and develop effective recommendations for reducing them to an acceptable level.
IT audit types
- IT audit for compliance with the requirements of the regulator of the banking, financial and credit sector.
The benchmark audit criteria are the full set of specific requirements of the Central (National) Bank, expressed as regulatory acts in force that are binding on every bank and on non-bank financial institutions.
- IT audit for compliance with specific internal and external requirements.
The evaluation criteria for this type of audit are typically internal corporate requirements: for the management of IT processes, for the qualifications of IT and information security staff in the relevant departments, and for information security itself, whether developed in-house or derived from the specific operating conditions that an external vendor imposes for critical IT solutions.
- IT audit for compliance with the best world practices and international standards.
The benchmark criteria are national and international standards, collections of proven-practice recommendations, and the frameworks of international professional associations such as ISACA (COBIT 5), AXELOS (ITIL / ITSM) or BSI (ISO / IEC 20000), together with the specific requirements of information security standards such as ISO / IEC 2700x, SWIFT, PCI DSS, NIST SP 800, OWASP, SANS / CIS and others.