The High-Level Security Review is a structured review designed to highlight any gaps between the current reality of an organization’s information security capability and recommended industry standards. It is conducted as a questionnaire that contains a technical evidence and interview-based audit covering two broad areas:
- Business Operations Information Security
- Technical Security
Softaxa produces a report that includes a maturity level rating with recommendations on how the organization can improve in each area.
The audit covers the following points:
- Leadership and Governance
- Information Security Strategy
- Information Security Policy and Objectives
- Roles and Responsibilities
- Data Protection and Management
- Information Security Incident Management
- Cyber Risk
- Physical and Environmental Security
- Human Resource Security
- Business Continuity & Disaster Recovery
- Patching and Vulnerability Management
- Handling of Information Assets
- Access Control and Data Classification
Softaxa offers follow-on consultancy services after the High-Level Security Review to help implement some or all of the recommended actions, such as:
- Implementing policies, processes and defining roles and responsibilities
- Supporting efforts to meet regulatory standards
- Providing Virtual Information Security Officer Services