Third Party Audit
Many Customer organizations require a degree of assurance that the
project or assignment has a well-established internal control
framework that is operating effectively. In addition, new
regulations, regulatory authorities and supervisory boards demand
specific controls over outsourced procedures, which is essentially
a statutory requirement for the Customer.
As part of the Security Framework, self-audits are conducted on a
regular basis to showcase security posture and provide assurance to
customers. For example, annual VA/PT assessments for critical
network and infrastructure elements, configuration audits, and
periodic network assessments such as Data Security, Network
Security and NIST-based reviews are conducted across the
organisation.
To address customer contractual commitments or regulatory needs,
the Risk and Compliance team coordinates with external auditing
firms to conduct second- and third-party audits such as:
ISAE 3402 | Assurance of controls that could impact financial statements (Customer specific)
SOC 2 Type I, Type II audits | SOC 2: Assurance of IT controls based on the 5 Trust Services Principles (Security, Availability, Processing Integrity, Confidentiality, Privacy)
PCI DSS | Payment Card Industry Data Security Standard assessments. Applicable only if credit card data is accessible / visible to the associates, or based on the self-assessment questionnaire, depending on applicability and the type of services provided
HITRUST Certification - HIPAA | Protection and security standards for health care data
NIST 800 35, 71 | Cyber security framework for service providers engaging with federal agencies
APRA-CPS 234 audit | Security regulations mandated by the Australian Prudential Regulation Authority (APRA)
The activities include initiation of the audit service procurement,
facilitation of the meeting between the auditee (delivery
stakeholders) and the auditors, and ensuring smooth audit
completion. In addition, if any information security observations
are highlighted in the report, the compliance team will facilitate
the implementation of the controls to close the gaps and mitigate
the risks involved.