IT Audits
What is IT auditing?
Whether carried out internally or by independent external auditors, IT audits should provide objective assurance of corporate IT governance, risk management and/or compliance activities.
This will help demonstrate that your organisation is meeting its legal and regulatory obligations in line with its business objectives, or – if it is falling short – inform a programme of improvement.
IT audit and risk management
IT audit standards
ISO 27001 is the international standard for an ISMS (information security management system) – a systematic approach to organisational security that encompasses people, processes and technology. Compliant organisations can achieve certification to the Standard to demonstrate that they are following best practice. Part of the process of demonstrating compliance with the Standard is carrying out internal audits at planned intervals.
SOC 2 (Service Organization Control) audit reports provide detailed information and assurance about a service organisation’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). The TSC are an industry-recognised, third-party assurance standard for auditing service organisations such as Cloud service providers, software providers and developers, web marketing companies and financial services organisations.
The Center for Internet Security (CIS) Controls are a prioritised set of 20 actions designed to mitigate common cyber attacks on systems and networks. There are six Basic, ten Foundational and four Organizational controls, ranging from creating an inventory of hardware assets to carrying out penetration testing.
ISACA® (formerly the Information Systems Audit and Control Association) is an independent non-profit organisation. Its CISA certification is an internationally recognised qualification for information systems audit control, assurance and security professionals. IT Governance is the exclusive approved reseller of ISACA publications and offers a complete range of CISA products, including study guides and training, designed to help you pass the CISA exam at the first attempt.
Build your career as a lead auditor, lead a team of auditors and gain the skills to achieve compliance with ISO 27001 with this five-day course. By attending and passing the course exam, you will achieve the ISO 27001 Certified ISMS Lead Auditor (CIS LA) qualification.
Learn more about the Certified ISO 27001 ISMS Lead Auditor Training Course
Learn how to drive continual improvement of your organisation’s ISMS, how to identify opportunities for improvement and take corrective action to maintain conformity to the ISO 27001 standard with this certified two-day course. By attending the course and passing the exam, you will achieve the ISO 17024-certificated ISO 27001 Certified ISMS Internal Auditor (CIS IA) qualification.
Learn more about the Certified ISO 27001 ISMS Internal Auditor Training Course

ISO 27001 Internal Audit Service
Part of the process of demonstrating compliance with ISO 27001 is internal audit, which must be carried out at planned intervals in accordance with Clause 9.2 of the Standard.
Our ISO 27001 Internal Audit Service provides a two-day audit of your organisation’s ISMS by a qualified auditor.

Cyber Security Health Check
The Cyber Security Health Check will provide you with a concise and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice to provide recommendations for reducing your cyber and compliance risks.