Security Audit (ISO 27K, PCI, Basel III, SOX)

Although SpotIT cannot issue you with an ISO 27001 certificate, we do have ISO 27001-certified engineers who can help you prepare for an ISO audit. We believe security audits should be more pragmatic: rather than just another book on your shelf, what you need is an audit that results in a concrete action plan to improve your information security.

That’s why SpotIT uses a combination of the COBIT (Control Objective for Information and Related Technology) framework and legally required standards (ISO, SOX, NIST, etc.) to prepare the audit. COBIT allows us to compare the information security maturity in your organization with industry averages and your own goals, so that we can draw up an Information Security Action Plan (ISAP) to raise your organization’s level of information security maturity.

This ISAP is combined with your legally required standards to create a Written Information Security Plan (WISP). Not only does the WISP contain your security policies, but it also helps your end users to comply with these policies by providing them with all information they need for this in one document, including examples to help them understand the information on security policies, templates for reporting information security incidents, and so on.