Security Audits

When conducting business via the Internet, you may be required to undertake independent, standards-based IT Security Audits, either dictated by regulated bodies for compliance to mandatory industry standards, or  to provide partners and suppliers with the assurance that you conform to particular standards.

Audits undertaken by eSecure are varied, depending on the business driver for the audit.  Generally, security audits are checks against common Security Controls outlined in standards such as the AS/NZS ISO/IEC 27001:2006 Information technology - Security techniques - Information security management systems – Requirements standard.

eSecure commonly perform three types of Security Audits:
- High Level (tick sheet) audit whereby the audit is predominantly interview based
- Semi-detailed audit whereby interviews are undertaken, followed by our consultants obtaining evidence that
  procedures and processes are in place to provide a higher level of assurance
- Detailed audit which incorporates the first two reviews, although provides an even greater level of assurance by
  gathering further evidence to demonstrate that the procedures and processes are actually being implemented.

Depending on the business driver, eSecure can undertake security audits of your Information Security Infrastructure and processes to meet your organisation’s business requirements.