Assurance services and Cyber security compliance
Cybersecurity compliance is an increasingly important process that different actors across various vertical industries are looking for. Compliance can be determined by verifying and testing procedures, policies or product-specific security controls against legislation, internationally accepted frameworks and/or requirements that result from a security risk analysis. Assurance services are professional assessment services that perform audits according to internationally accepted assurance audit standards, such as ISAE 3000. The delivered Assurance Report could provide you with international recognition of the security status of your organization or developed products. That makes a difference! Furthermore, you receive an independent qualified opinion of an expert that helps you to improve the security level of your organization, your products and/or your services.
The Assurance Report describes the results of the cybersecurity investigation and draws conclusions regarding compliance with the considered set of criteria. Assurance Reports are signed off by a certified auditor, which gives them more international recognition. Secura believes that providing an independent qualified opinion of an expert gives comfort to the people and organizations involved, proves compliance, and addresses shortcomings or points for improvement.
Depending on the scope of the assurance service, the delivered reports can be further identified as a Type I or a Type II report. Type I reports provide assurance on the general suitability of the design and the implementation of security controls according to the identified criteria, while Type II reports give an opinion on the design and the effectiveness of the security controls during a certain period.
Assurance services can cover a very broad range of products and services, such as Information Security Management Systems (ISMS) for organizations, security of cloud-based solutions, privacy compliance, security of physical devices (medical devices, ICS products, IoT devices, etc.) as well as operating systems and software applications.
Secura is an organization that has focused on security for many years, with experts in every aspect of security such as People, Process, Organization and Technology. We have broad experience in working with many international standards and best practices, like the NIST standards, SANS and OWASP best practices, ISO standards, Cloud security standards (CSA) and control frameworks. Assurance investigations are an important part of our services, where we build our teams on expertise to deliver high-quality results and involve certified auditors. We make the difference by getting the assurance question straight, defining suitable criteria, preparing the auditee, operating independently and taking responsibility to conclude with a qualified opinion according to the assurance audit standards.
An Assurance investigation follows a standard process. It starts with a Prepare phase to finalize the scope and the applicable criteria. We work with you in selecting the best assessment criteria, tailored for your specific use case as well as your users’ interests. Furthermore, communication with and preparation of the auditee, who is responsible for the subject matter, is an important aspect of the Prepare phase. In the Execute phase we perform our audit work. Our team is built on expertise and experience relevant for the engagement. The findings are verified with the auditee, and reviews are done to guarantee the quality of the work. In the Report phase we write the Type I or Type II Assurance Report according to the requirements of the audit standards.
A draft version is usually checked with the client or responsible employee. After receiving the confirmation letter we publish the final report. The engagement is then completed with an evaluation where we discuss the process, the outcome and relevant best practices for following up on findings.
For more details regarding assurance services, Assurance Report types, applicable domains and criteria, as well as our range of offered services, please consult our dedicated assurance services factsheet.