When you need to show that you meet a given standard, such as PCI-DSS, SOX, HIPAA, FISMA, Basel II, COBIT or any other that your organisation cares about, including your own internal standards, you need to conduct a Compliance Audit.
Most often an audit consists of demonstrating compliance with a combination of internal and external standards.
A Compliance Audit is conducted to ensure that a network and all of the assets deployed on it (servers, firewalls, switches, etc.) are in an agreed 'good' state of configuration, where 'good' is defined by whatever standard you need to comply with.
Performing a Compliance Audit
Compliance auditing is usually conducted against a live system, by an auditor with full access to the network, so that the results reflect the actual deployed configuration rather than documentation of it. The audit is performed mainly with automated tools; however, some manual assessment of compliance is always required to ensure the audit is complete and accurate.
A comprehensive Audit Report is then provided that shows whether compliance has been achieved. If it has not, the report gives guidance on what needs to be corrected, and a follow-up audit is performed once the corrections are in place.
When the audit shows that compliance has been achieved, the auditor will provide a clear notification and detail the supporting evidence. You can then use this to inform the external party who requires you to demonstrate compliance.
Mark.