
IT Audit is our classical assurance service. It aims to provide reasonable assurance to the external and internal constituents of an organization as to the confidentiality, integrity and availability of its information and information systems.
We provide review services for many regulatory requirements and standards like Sarbanes-Oxley Section 404, PCI-DSS, SAS 70, ISO 27001/17799 covering all IT-related areas. We use COBIT and ISACA guidelines for carrying out audits. We typically review, analyse, evaluate and report on the following:
- IS organization structure and responsibilities.
- Network security and administration.
- Environmental, physical and logical access controls.
- Application functionality and controls.
- Operations management controls.
- Backup and recovery provisions.
Each of the above components can be independently selected for audit, though effectiveness is best achieved when they are audited together. Recommendations to overcome the reported weaknesses and/or improve existing controls are always included in the audit report.
PCI-DSS Services
We perform gap analysis and the required testing, scans and review of controls, and provide suggestions for remediation to achieve PCI compliance. We also help in the remediation process and arrange certification where successful. Please call to schedule a free discussion on PCI-DSS review or certification.
Our expertise is in the following application and infrastructure environments:
- Windows networks
- Unix and its flavours
- AS/400 systems
- SAP R/3
- MySAP ERP ECC 5.0 and later versions and BW
- BAAN
- Tally
- Sage
- Bespoke ERP, SCM and CRM systems
- E-commerce