The Compliance Readiness Gap Assessment combines our assessment and audit services to focus on a comprehensive assessment solution, which offers an understanding of your organization’s compliance requirements and challenges, identifies gaps and establishes tactical and strategic roadmaps.
As a customized service designed to perform regulatory compliance testing prior to a third-party audit, the gap assessment identifies control gaps and provides audit planning, onsite support, tracking and reporting on control remediation and pre-audit planning meetings with the third party auditors.
As part of an ongoing assessment and remediation life cycle, or as part of compliance monitoring, this service is offered as a stand-alone, quarterly, or ongoing assessment of an environment and includes compliance experts during the actual audit testing to address auditor support demands and ensures that audit testing remains within the desired scope by acting as a compliance expert advocate for your organization.
Similar to the other security assessment methodologies and tools, the Compliance Readiness Gap Assessment builds on the BestIT Security Assessment approach of combining technology and expert professionals to provide the Gap report. The report includes the same format but is focused on comparing compliance gaps against the appropriate compliance baseline with risk and impact analyzed against the ability of the organization to provide effective evidence to an auditor that proves compliance.
Findings on control effectiveness and defects are documented and a report on total compliance is generated. A compliance success plan is also delivered complete with an “ongoing compliance strategy and lifecycle, remediation plans with milestones objectives, and critical timelines. A retesting scope can also be included which provides future control testing asremediation objectives and timelines are met.
Our experts are also available to work directly with the third party auditor to ensure that audit scopes do not unnecessarily change and to ensure that the audit process is streamlined and to provide direct support to your organization as a compliance expert throughout the audit. Specific tools will vary depending on the specific compliance standard, applicable scope, and the complexity of the environment, but usually include the same security assessment tools mentioned above such as Nessus, Nexpose, NMAP, and other discovery and enumeration tools. DTSearch may also be used to discover previously unknown data repositories that are (or should be) governed by the specific compliance requirements. The overall objective is to provide an audit experience devoid of “surprises”.