Ensuring Your Systems Are Effective
Effective auditing requires competence and knowledge of best practice and applicable standards. CentriVault audits helps ensure your systems are effective & compliant.
New regulations, like GDPR, have stiff penalties in case of a breach or hack resulting in lost personal data. One way to mitigate this for your business is to demonstrate you have taken the necessary steps to protect personal data as best you can.
An information security audit can begin that process off and help you to understand your gaps in how you deal with risks, vulnerabilties and threats. Sometimes it can be overwhelming in what to do first and how best to approach it - our certified auditors can help assist you in that process.
We also work with Certification Bodies to help certify or re-certify you against standards such as ISO 27001 or Cyber Essentials as our team contain qualified Internal and Lead Auditors.
Whats involved in an audit?
CentriVault has access to a team of certified and experienced information security auditors who can assist your business.
The typical areas we help assess and audit against include:
Cyber risk governance
Training and awareness
Legal, regulatory and contractual requirements
Policies and information security management system
Business continuity and incident management
Technical security controls
Physical security controls
ISO 27001 Audits
The purpose of undertaking an audit process is to ensure that the organisation has taken every
appropriate precaution to verify the effectiveness of its information security management
system (ISMS) against the requirements of ISO 27001 and the organisation’s own requirements
for the ISMS.
CentriVault can undertake internal audits and gap analysis for you. The internal audit requirements are stipulated in Clause 9.2 of ISO/IEC 27001. We have certified auditors who work with Certification Bodies so can advise on what will be expected during Stage 1 or Stage 2 Audits.
We can assist in building up your audit schedule, prepare audit checklists, develop audit processes, perfom interviews, audit suppliers, identify noncomformities or opportunities for improvement.
For guidance on our internal audit process, to the right provides a basic flow.
As part of the oncoming roll out of CyberSure audits, CentriVault has been selected as the Lead Auditor organisation.
The audit process covers two distinct areas; assessing secure behaviours and testing technical systems meet with today's threat landscape.
This process will involve external vulnerability scanning to identify any weaknesses which could be exploited. For this exercise, we ensure that we only use persons with a minimum qualification of EC-Council Certified Ethical Hacker (CEH) certification.
For further information, visit CyberSure.