ERE Information Security Auditors

Audit Methodology

The standardized ERE methodology includes the following elements:

  • Offer to sign a bilateral non-disclosure agreement.
  • Adhere to the ISO 27001 / 17799 standard for security.
  • Provide the client with a detailed statement of work that lays out a clear roadmap for audit activities.
  • Provide a fixed price quote with the statement of work, in order to avoid price creep.
  • Create a process timeline with the client prior to beginning the audit.
  • Utilize a team approach to conduct an audit, with multiple sets of eyes to cross check work product.
  • Read all client-generated documentation relating to security, privacy and compliance, including the most up-to-date network diagram, policy, end user agreements, training manuals, privacy incident reports, and earlier privacy and security audits.
  • Complete an external vulnerability assessment prior to commencing the on-site audit.
  • Interview members of the client’s staff representing IT operations, compliance officers if relevant, end users, middle management and senior executives.
  • Conduct a “walk-around” of the client’s IT technology room, and offices as required.
  • Immediately inform a client during the audit process if we identify any serious problems requiring attention.
  • Write and present the audit report.
 
 

Contact Us

905 764 3246

 
 
Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media:

http://www.apress.com/9781484201497

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

 
Copyrights © 2007-2008. All rights reserved.  
