Information Security Program Assessment

Service Description

CAG will assess the IT organization in terms of policies, procedures and practices as they pertain to access control, breach response and incident handling, change management, operational controls, organization controls, assessment, and various technical security measures. We will also assess conformance with best practices and any relevant regulatory requirements (e.g., HIPAA/HITECH, PCI, FISMA CIPv5, SOC 2/SAS 70/SSAE 16, etc.) and conduct a Gap Analysis.

Scope: For this assessment, CAG will typically conduct up to three interviews and review any provided documentation.

Our Methodology
  • Discuss scope
  • Kick-Off presentation or interactive workshop
  • Collect documents/reports and perform interviews
  • Review materials and perform analysis
  • Discuss initial findings
  • Develop formal summary with findings and recommendations

Our Deliverables

In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
• Gap Analysis with recommendations and risk mitigation options
