
Audit and Compliance Services

We accompany organizations during security-related audits. We also provide consulting services to plan, support and execute pre-audit and compliance activities for information security frameworks such as ISO 27001, PCI DSS, HIPAA, NIST and SOC 2.

Pre-audit & Accompaniment

Adequate preparation for a successful security audit commonly begins with a document review, to ensure that every requirement is captured in the policies and procedures your staff are obliged to follow, so that you can demonstrate that “you say what you do”.


The next step is to measure how well “you do what you say”, by assessing adherence to the documented ruleset through observed behaviours and implemented controls, generally followed by an alignment process to address any gaps.


With sufficient preparation, the third and final phase (the external audit) should hold few surprises in terms of material findings requiring remediation efforts.


EthiSecure helps organizations attain security-related certifications through the Quebec Cybersecurity Innovation Program (QCIP), via the PROMPT incentive program.


Benefits:

  • Ensuring adequate documentation;
  • Checking compliance levels before audits;
  • Preparing staff and accompanying auditors;
  • Assuring post-audit remediation.


We are experienced in pre-audit preparation and audit accompaniment.  Pertinent certifications and certificates held by EthiSecure staff include:

Certified Information Systems Auditor (CISA) - ISACA


ISO/IEC 27001 Lead Implementer - PECB


Regulatory Compliance

Complying with local privacy and security laws and regulations such as Quebec Law 25 (formerly Bill 64, which amended the Act Respecting the Protection of Personal Information in the Private Sector) and HIPAA (applicable to the healthcare industry in the USA), with industry standards such as PCI DSS (for securely handling payment card data) and NERC CIP (applicable to North American electrical grid operators), or with an organization’s own set of defined controls (such as those reported on through SOC 2 reports) is business-critical for an increasing number of organizations.


Engaging external assistance to meet regulatory requirements can be a cost-effective means of reaching compliance objectives and opening new markets.


EthiSecure helps organizations meet recognized security-related standards through the Quebec Cybersecurity Innovation Program (QCIP) tax-credit incentive, via the PROMPT funding program.


Benefits:

  • Identifying applicable laws and regulations;
  • Meeting regulatory requirements;
  • Getting processes and environments certified;
  • Safeguarding and monitoring personal information.


We are experienced in regulatory compliance.  Pertinent certifications and certificates held by EthiSecure staff include:

Certified Data Protection Solutions Engineer (CDPSE) - ISACA


Certified Information Privacy Professional/Canada (CIPP/C) - IAPP


Outsourced Internal Audits

Internal audits are required in order to meet ISO 27001 and HIPAA compliance and certification requirements. As audits are expected to be performed by disinterested parties, internal audits are also an effective means of independently assessing adherence to internal and external requirements such as organizational policies and adopted standards.


An independent internal auditor can help an organization meet its audit objectives by managing the entire process and tracking progress, while minimizing the impact on team members.


Benefits:

  • Relieving staff from additional responsibilities;
  • Ensuring impartiality during validations and verifications;
  • Checking compliance levels before external assessments;
  • Getting recommendations for remediating findings.


We are experienced in internal audits.  Pertinent certifications and certificates held by EthiSecure staff include:

Certified Information Systems Auditor (CISA) - ISACA


ISO/IEC 27001 Lead Auditor - PECB


Certified IPC Management System Auditor (CIMSA) - PECB


Certified Management Systems Auditor: ISO/IEC 27001:2022 - MSECB


Internal Control Definition & Review

Internal controls are introduced to better ensure adherence to defined processes. While automated controls can be relied upon with a high degree of confidence, their implementations still need to be validated and regularly tested to confirm the expected functional behaviour: a control that silently stops enforcing a rule provides no assurance. Manual controls can also be very effective, but are more prone to workarounds and deviations, and so require validation and verification cycles of their own to assure consistent process adherence.


An external security consultant is well suited to evaluating automated and manual controls, through objective and unbiased assessments of logs, records and other forms of evidence.


Benefits:

  • Automating labour-intensive validation tasks;
  • Ensuring consistency in manual processes;
  • Meeting certification requirements;
  • Improving adherence to business logic flows.


We are experienced in internal control definition and review.  Pertinent certifications and certificates held by EthiSecure staff include:

ISO/IEC 27001 Lead Implementer - PECB


Certified ISO/IEC 27001:2022 Transition - PECB

