The Audit Readiness Episode
Transcript
Where do you start with an audit?: The process typically begins when an organization is required by one of its clients to get audited. The first step for the organization is to understand its own environment: its systems, software, and inventory of what needs to be protected. This is an all-encompassing process that includes physical security, software, data, and even the people within the company.
What do companies want to know about audits?:
- Companies often start with fundamental questions like, “What is a SOC 2?” or “What is PCI?” They may not even understand what their client is requesting and need guidance on where to begin.
- Audits are needed across all industries, including healthcare, manufacturing, software development, banking, and finance. There is a compliance framework for nearly every sector.
- Small and medium-sized businesses often mistakenly believe they are too small to be a target for cyberattacks. In reality, they are often the primary targets, and a breach can be devastating due to loss of revenue and reputation.
What problems have you encountered?: A common issue is that while an IT department may be implementing appropriate cybersecurity measures, it often lacks the formal policies and procedures to document them. In other cases, companies may not have security best practices in place at all, leaving them vulnerable. For example, some organizations have been found with unencrypted client information that could be exposed to the internet.
How do you start an audit?: The process begins by gathering baseline information, such as discussing critical third parties, vendors, and whether the company is cloud-based or self-hosted. This is followed by a kickoff call to discuss the successes of previous clients and outline the audit process. The goal is to act as a partner to guide the company, especially through its first audit.
Success stories: The most rewarding experiences involve returning to a company for a subsequent audit and seeing a complete transformation in their culture of security and compliance. After the first audit, they move from being vulnerable and unprepared to being excited about finding new opportunities for improvement and are proud to show off the great work they’ve done.
Notes
Show notes: The Audit Readiness Episode
KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission
At KirkpatrickPrice, you’ll have a partner guide you from audit readiness to final report so you get the assurance you deserve. Ready to learn about how we can help your business to meet your challenging security and compliance goals? Connect with an expert.
Learn about the common frameworks:
SOC 1
https://www.youtube.com/watch?v=4bvT5zGXMRQ
SOC 2
https://www.youtube.com/watch?v=eWO9Ql4w4gY
PCI DSS
https://www.youtube.com/watch?v=mlqsv6bPo_s
HIPAA
https://www.youtube.com/watch?v=Vak79kIt1Uc
ISO 27001
https://www.youtube.com/watch?v=sYO-WvJh1No
HITRUST
https://kirkpatrickprice.com/audit/hitrust/
NIST
https://kirkpatrickprice.com/audit/nist/
Readiness Resources
Upload your security policy for a 20-point check
https://explore.kirkpatrickprice.com/information-security-policy/explore
Schedule a risk assessment workshop
https://explore.kirkpatrickprice.com/workshops
Run a free cloud security posture assessment scan
https://explore.kirkpatrickprice.com/aws/audit
Send a Question
Do you have a question for our podcast? Send it to us here.