Information System Audit

Independent and objective review of your IT infrastructure


An information systems audit examines the controls within an information system architecture. The process includes collecting and evaluating evidence on the design of the controls and functions implemented in information systems. The scope of the audit includes the internal control systems and information systems such as data, application systems, technology, facilities, and people.

 
IT Governance
 

IT decisions such as strategies or policies, organizational structure, or the adoption of new technology can greatly impact a business. IT Governance is the process of continually ensuring that IT resources are being utilized efficiently to achieve the organization's goals and objectives. The framework we follow covers all of the points in the NRB IT Guidelines and Electronic/E-banking Directives.

 
 
Review of Policies and Procedures
 

It is crucial to review policies and procedures, as outdated policies may not comply with new rules and regulations and therefore pose a risk to your organization. Reviewing policies and procedures regularly keeps your organization up to date with industry best practices. This is especially crucial for highly regulated industries such as banking, healthcare, etc.

 
Protection of Information Assets
 

Information assets hold great value to an organization, so they must be protected by ensuring Confidentiality, Integrity, and Availability. To protect information assets, it is essential to evaluate controls related to Vulnerability Assessment and Penetration Testing (VAPT) of information systems infrastructure such as network devices, security devices, servers, operating systems, databases, applications, etc.

 
Audit Methodology
 

We follow the ISACA Information System Audit Standards and Guidelines in performing the audit. Additionally, we adhere to the following standards and guidelines:

 
  • COBIT 5 framework for management and governance of enterprise IT
  • ISO 27001:2013 Information Security Management
  • ISO 27002 Information Security Controls
  • ISO 27033 Network Security Standard
  • The Sarbanes-Oxley Act of 2002
  • PCI-DSS payment card industry data security
  • NIST Information Security Standards Cyber Security Framework
  • ITIL best practices in IT Service Management
  • SANS policy guidelines
  • Open Web Application Security Project (OWASP)
  • NRB IT guidelines 2012 Online Banking/e-Banking directive
 
