Who Needs This Service?
Accreditation against a standard like ISO 27001 or attestation of compliance with a standard like SOC 2® Type 1 or 2 is often pursued by companies whose clients or investors insist on a specific demonstration of security.
What Are the Goals of the Service?
Our objective in providing Audit Preparation services is to help organizations achieve accreditation or attestation efficiently. It is easy to invest significant resources in audit or examination preparation. We aim to leverage our access to standards documentation, familiarity with control frameworks, and experience with assessment processes including audit, examination, and diligence to accelerate your accreditation/attestation while concurrently reducing your business risk by improving your security posture.
What Is the Service?
The service begins with a conversation about where you are in your audit cycle and readiness.
For teams who have previously achieved accreditation or third-party attestation with their target standard, the service can be one of coordination and mediation with the auditors. This frees the CISO, Compliance Officer, or other certification process owner to focus more on their other tasks while the audit or examination is performed.
For teams who have not previously achieved accreditation or third-party attestation with their target standard, the service tends to resemble a combination of mapping existing controls to the target standard and developing a gap assessment. Gaps and assessed major insufficiencies are then used to develop a roadmap that our client can use to achieve their desired certification.
The business benefit of achieving compliance is primarily the ability to influence prospects to become customers. The secondary benefit is that gaps in your security control framework are identified and closed. If clear security gaps are present that are not identified as control gaps, these should of course be closed as well.