With over 22 years in the IT industry, Assero Security has built a Security Practice advocating a defense-in-depth strategy. We review current administrative, physical and technical security controls protecting sensitive information and mission-critical systems. We utilize a three-step approach to performing an Internal Security Controls Review (ISCR): Data Gathering, Control Analysis and Control Mapping.
Information Security Controls Review
Why do an Information Security Controls Review (ISCR)?
If you hold a customer’s sensitive data, work with a public company, or are a regulated company, you need an Information Security Controls Review (ISCR) to reduce risk and comply with regulations and contractual obligations.
What does an ISCR provide?
An ISCR reviews your company's controls against industry-accepted standards, the NIST and COBIT control sets. This review creates an industry-standard report, of the kind most RFPs and security questionnaires require, that can be shared with your current and potential customers. It also provides an internal, unbiased third-party review of your current controls and a report that can be given to service providers or internal departments to act on.
What drives an ISCR?
Your customer, prospect, or business partner drives the requirement to conduct an ISCR. This can be in the form of an SAQ, RFP, or contractual SLA.
What’s the relationship of an ISCR to an SSAE 16?
Oftentimes organizations attempt an SSAE 16 audit only to find their controls are so far from requirements that the project gets put on hold and money is wasted.
An ISCR is a good first step towards an SSAE 16 certification.