The standardized ERE methodology includes the following elements:

• Offer to sign a bilateral non-disclosure agreement.
• Adherence to the ISO 27001 / 17799 standard for security.
• Provide to a client a detailed statement of work, to clearly create a roadmap for audit activities.
• Provide a fixed price quote with the statement of work, in order to avoid price creep.
• Create a process timeline with the client prior to beginning the audit.
• Utilize a team approach to conduct an audit, with multiple sets of eyes to cross check work product.
• We read all client generated documentation relating to security, privacy and compliance, including the most updated network diagram, policy, end user agreements, training manuals, privacy incident reports, and earlier privacy and security audits.
• Complete external vulnerability assessment prior to commencing on-site audit.
• ERE consultants interview members of a client’s staff representing IT operations, compliance officers if relevant, end users, middle management and senior executives.
• Conduct a “walk-around” of the client’s IT technology room, and offices as required.
• Immediately inform a client during the audit process if we identify any serious problems requiring attention.
• Write and present the audit report.