Osics professionals now part of the IAPSC community!
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.
A compliance assessment is really a gap assessment. You are looking to identify gaps between your existing control environment and what is required.
As part of our compliance assessment, we scope the project based on regulatory requirements and your current security posture. We walk through your current policies, interview personnel, and make objective observations of your current status.
Additionally, if requested, we provide recommendations to help you remediate or mitigate those deficiencies.
Similar to the risk assessment, the compliance assessment includes a gap analysis and vulnerability scan, but is strictly standard-oriented. During the assessment we will verify findings and seek to validate the existence of controls that appear to be in compliance with the applicable standard. No supporting documentation or artifacts are created during this assessment.
Contact us for a free consultation to determine how we can help!