We identify gaps between your current practices and standards
Auditing is the process of checking current practices against established standards in order to identify shortcomings and take appropriate corrective action. Audits can be carried out by external or internal professionals, depending on the company's needs.
Audit objectives
Audit objectives may include, but are not limited to:
- Check that systems are capable of maintaining data integrity and availability and that they support the organisation's objectives
- Detect or prevent undesirable events by ensuring that appropriate internal controls are in place
- Identify discrepancies between what should be done according to the standards and what is actually done
- Check the performance of the organisation's automated information systems
Our services
Our expert auditors follow the guidelines set out in the ISACA Code of Professional Ethics. We start by identifying and analysing your business objectives to ensure that your security requirements are aligned with them and risk-based. Our risk-based audits concentrate effort on the areas of greatest risk.
Types of audits performed:
- Audit of the information security organisation
- Audit of business, operational and IT processes
- Audit of Web applications
- IT architecture and infrastructure audit
- Configuration audit
- Compliance audits (ISO/IEC 27001-2, COBIT, PCI DSS, HIPAA, NIST, etc.)
- Application code review
Our risk-based audit uses a methodology based on ISACA standards, guidelines and best practices. The diagram above shows the steps our auditors follow to carry out IS audit projects. These steps are adjusted according to the security requirements defined by our customers.
The audit tools used by CAPTOSEC's certified auditors include:
- Questionnaires
- Interviews
- Matrix of orders
- Standards
- Frameworks
- Specific software
- Audit Charter
- Audit planning
- Recommendations for corrective action
- Verification report
- Evidence collected