Formal process for evaluating adherence to laws, regulations or policies of reference.
This analysis is carried out through a random sampling technique in compliance with ISO 1911:2012 and ISACA requirements, and provides evidence of compliance or non-compliance with the requirements.
Audits can be first party (internal audits) or second party (audits of suppliers or clients). Third party audits can be carried out in cooperation with Accredited Bodies providing internationally recognized certifications.
We can perform first and second party audits on the following schemes:
– ISO/IEC 27001 – Information Security
– ISO/IEC 20000 – IT Service Management
– ISO 22301 – Business Continuity
– ISO 9001 – Quality
– ISO 28000 – Supply chain management
– PCI DSS – Security of payment card data
– Cyber Security – to assess the Organization’s risk exposure
– Privacy – to assess the level of compliance with law
We collaborate closely with the main certification bodies for Information Security Management Systems, Business Continuity and IT Service Management, also as auditors. Depending on the needs of the customer, we manage the relationship with the entities for the contracting and planning of activities.
We perform PCI DSS compliance audits as defined by the PCI Council:
– Audit Level 1 – Completion of RoC and AoC attestation of compliance
– Audit Level 2 – Completion of Self Assessment Questionnaire with attestation of compliance via AoC signed by a QSA
– ASV Scan – as per requirement 11.2.2.
You can call us at +393496847531 to get to know us better