
Completing Your Post IT Audit Homework
So you took all the steps to prepare for your technology and cyber audit, and you still received findings. That is to be expected! Most organizations come away with findings post-audit as there is always room for improvement. It can be especially overwhelming to prioritize the findings, especially if your firm comes away with a long list of action items.
Common findings after a technology and cyber audit include:
-
Missing policies: Password policies or Access Control policies
-
Complying with the rules, but not providing proper documentation to verify that you are doing so
-
Providing non-specific timelines in your documentation
-
Documentation lacking how you measure and track remote testing, training and scope
-
Inaccuracies in products, service descriptions or deliverables
-
Complying with the rules, but not providing proper documentation to verify that you are doing so
-
Providing non-specific timelines in your documentation
-
Documentation lacking how you measure and track remote testing, training, scope
Where should your firm start with the findings? How much will it cost? What is necessary and what is considered inessential or overkill? These are all valid questions we hear every day from firms after an independent audit.
Having a trusted partner or vendor to guide you through the remediation process can help your firm:
-
Prioritize findings
Help your team discern what findings are valid and necessary, and which are overkill
-
Recommend security actions
There are a variety of safeguards to implement, Eze Castle Integration can help determine what is practices are necessary for your firm
-
Determine ownership
Help you organize a cross functional team within your organization
-
Determine timeline
Assist to develop a realistic timeline to complete the remediation process
-
Determine cost and resources necessary
Assist with a budget and help find the resources necessary to complete necessary action items
-
Execute and maintain the remediation
Implement the remediation plan using all the resources above
For more information or guidance after an independent IT audit, contact Eze Castle Integration for a consultation.