IT Policy and Procedure Review

IT Policy and Procedure Review

Canaudit provides a variety of advisory services to assist internal audit departments with their policy and procedure review needs. A policy that governs information technology systems is necessary to minimize risks and maintain organizational control of information.

Regulatory agencies require incident response protocols that are actionable. In many cases, these agencies hold organizations accountable for data breaches, often requiring detailed information on remediation steps and preventative measures. Therefore, it is crucial to create a framework that will ensure an organization can withstand the complexity and sophistication of repeat attacks and the regulatory requirements associated with a cyberattack.

  • IT Policy and Procedure Review
    This analysis will review policies and procedures relating to incident detection and response, incident investigation and forensics, mobile devices, device commissioning and decommissioning, data classification, vendor contracting, vulnerability identification and mitigation, help desk ticketing and patching.
  • IT Policy Drafting
    Canaudit can help create IT policies to ensure they comply with the governing authorities and adhere to industry best practices.
  • IT General Controls Review
    IT general control reviews are designed to assess an organization’s policies, processes, procedures, structure, software and hardware in order to identify risk and potential areas of exposure. Canaudit will interview with key staff, review the existing organizational documentation and perform a technical review of the existing organizational software and hardware.