IT Audits

Identifying problem areas in your technology environment

Pratum’s IT audits are conducted using common security controls, frameworks and industry best practices. These audits provide insight into potential gaps in processes and procedures in technology environments. Pratum’s consultants provide expert opinions on how effectively controls are designed and how efficiently they are working. With this information, organizations are able to make changes to their administrative, physical, and technical controls to better meet business goals, reduce risk, and save money.

People, Processes, and Technology

IT Audits

Standards and Controls

  • NIST Special Publication 800-53
  • ISO 27001
  • FFIEC
  • HIPAA
  • PCI

Audits

Pratum’s audits provide a close view into an organization’s information security posture, risk management, controls, and compliance with security requirements. Audits are designed to identify information security gaps so that the organization can take steps to reduce risks and continually enhance their controls, processes and procedures.

An IT Audit with Pratum

Pratum focuses on helping to improve each organization’s security program throughout the audit process. An Pratum IT Audit identifies risks and provides recommendations for addressing these risks, helping organizations to make informed decisions about enhancing their overall information security program.

During an audit, Pratum consultants interview an array of employees throughout various departments (i.e., HR, IT, Compliance) in an organization. These interviews deliver insight that goes beyond technology and into the heart of the business.

Pratum uses the responses from the interviews to help validate the controls described in policies and procedures. Once the controls have been reviewed, they are then assessed to determine whether they are meeting the intended purpose as described in the policies and procedures.

When to perform an IT Audit:

After Completion of a New Project

Give your new project the best chance to survive.

Adding a New Service

Introducing a new web app or hosting environment can introduce new vulnerabilities.

Needing Help with Compliance Regulations

Are there rules or regulations that require you to receive an annual audit?

Vendor Management

Your organization is only as secure as its 3rd party vendors.