A Compliance Assessment examines an organization’s adherence to appropriate external IT standards mandated by regulatory or business practice regimes such as HIPAA, Sarbanes-Oxley, PCI/CISP, FERPA and others.
- Technology – Examine system configurations, access controls, user grouping, audit, and authorization systems for compliance with regulatory or business practice requirements. Report on gaps and recommend remediation steps.
- Policy & Practice – Examine the organization’s policy and practice documentation for compliance with regulatory or business practice requirements. Report on gaps and recommend remediation language and practices.