Most Compliance-as-a-Service relationships begin with a thorough assessment. Information assets must be identified and evaluated at a baseline for a proper risk and standards gap analysis. Whether to meet a specific set of standards or for cybersecurity due diligence, the risk assessment is the beginning of the process.
Egis IT Security uses our general approaches and GRC tools to fulfill the needs of all assessments. Through our templating system, we then work with or on behalf of our clients to respond to requirements control sets and draft an evaluation of security controls. Inputs to the process typically include results from technical scans, vulnerability scans, or pen tests, along with a thorough analysis of existing policy and documentation requirements.
Egis uses a combination of our own proprietary methods and industry tools to identify assets and map out information risk and protections in place. The process can be performed in coordination with client IT staff or directly with client participation as needed for logistics.
Egis engineers can use our toolsets to analyze cloud, local network assets and servers, database and enterprise applications, and work-from-home computers as part of our analyses. Once these are analyzed, we can properly assess the risks to organizational information and use that assessment as input to a control set audit for compliance needs.
Our skills and methods allow us to wear many industry hats. We have worked under audits and assessments for hundreds of compliance frameworks and standards.
Egis works with businesses of all sizes and industries. Most of our clients are small businesses, whom we help with the burden of their information security compliance needs. Feel free to reach out and see how we can help you!