The NSA IT Security Audit process verifies the implementation of IT controls identified by your organization's risk assessment, or relevant regulations, as part of your IT security program for mitigating risk.
Our information technology audits are designed based on regulations and guidance from:
The IT Audit process involves collecting and examining documentation related to the organization's practices and procedures, data related to technological controls, interviews of key personnel, walkthroughs of physical locations, and any other resources that impact the effectiveness of the security program. These resources are leveraged to verify that the existing controls adhere to the organization's risk assessment, best practice standards, and applicable regulatory compliance.
NSA's expert analysts thoroughly document each step of the process in order to provide a clear audit trail for compliance reporting. Additionally, our methodology supports the ability to archive critical data to support the audit conclusions while maintaining accurate audit trails.
Some of the services in the NSA IT Security Audit include:
NSA Information Security Analysts (ISA) conduct the independent verification by reviewing the relevant documentation and performing interviews/walkthroughs.
Documentation includes the policies, procedures and checklists that define and/or support the IT controls. The interviews and walkthroughs, which are conducted with key personnel from the organization, are performed to validate adherence to the documented policies & procedures, as well as to corroborate the practices described during the interview process.
The IT Audit results are provided in an extensive report containing:
“NSA came in and dealt with infrastructure, vendor and personnel challenges that had us bogged down for years. NSA’s influence changed the direction of our company and set us up for a fifty fold increase in business.”
- Statewide Provider of Medical Transportation Services