
IT Audit Methodologies


We offer a range of IT audits that assess your existing operations against various standards and regulations.  These IT audits are increasingly required to ensure your organization meets industry best practice and complies with standards.

We offer the following services for information technology assessments:

  • Federal Information Security Management Act Assessments, also known as C&A (certification and accreditation), based on the U.S. Government National Institute of Standards and Technology Special Publications 800-18 / 800-37 / 800-53
  • ISO 27001 / 27002 for IT Data Center and application security
  • ISO 21188 PKI Financial Audits
  • CobIT4 - General IT framework endorsed by the ISACA organization (www.isaca.org)

We also offer other assessments that can be customized to your internal policies, local laws, or local regulatory requirements.


NIST Certification & Accreditation 800-53 Audits

The purpose of the NIST 800-53 guidelines is to select and specify security controls for information systems supporting the agencies of the US Federal government.  The guidelines have been developed to help achieve more secure information systems and effective risk management within the Federal government by:

  • Providing a more consistent approach for selecting and specifying security controls for information systems and organizations
  • Providing a recommendation for minimum security controls for information systems
  • Providing a stable range of security controls for information systems
  • Creating assessment methods and procedures for determining security control effectiveness
  • Improving communication within an organization

The eValid8 NIST 800-53 audit will assess information security across the range of guidelines and make recommendations for change.


ISO 27001/27002/21188 Audits

ISO 27001/27002/21188 define a management system that management uses to control information security. eValid8 can assess your information security management to verify that it complies with the ISO standards.

Our audit looks at and delivers the following:

  • Examines your organization's information security risks, assessing the threats, vulnerabilities and impacts
  • Recommends a coherent suite of information security actions to address the risks
  • Recommends a management process to ensure that the information security controls continue to meet your organization's information security needs in the future