ISO 27000
The ISO 27001 certification process consists of several stages and types of audits, including internal and external audits. The lead auditor is responsible for developing the audit plan. Internal audits include a formal internal audit and management review. External audits include Stage 1 and Stage 2, Surveillance, and Recertification audits. Nonconformities refer to instances where the management system does not meet the requirements specified in the standard. Addressing ISO 27001 nonconformities is crucial for maintaining the integrity and effectiveness of the ISMS. Organizations should remediate nonconformities promptly and effectively.
Business Continuity and Disaster Recovery
In today's digital world, maintaining operations in the face of incremental change as well as sudden disruption is an enterprise-wide goal, facilitated through business continuity programs. Given the requisite participation of all operational functions across the organization in these programs, IT audit has an opportunity to leverage its detailed knowledge of the enterprise's applications, systems and business operations. To address the enterprise-wide nature of business continuity, these programs have several components, such as governance, business impact analysis and communications. During the global pandemic, however, the scenario planning and testing component was particularly highlighted.
Data Privacy & Protection
Data privacy and protection is instrumental in today's digital economy. The GDPR defines an array of legal terms at length. An experienced audit firm can help your organization understand the key legal terms and the consequences of not adhering to EU GDPR practices. Key terms include personal data, data processing, data subject, data controller and data processor.