The Value of a Readiness Assessment

February 16, 2015

Readiness Assessments are designed to assist service organizations in assessing their preparedness for different compliance reports, such as SOC 1 and SOC 2 examinations.

 Unlike a service audit which has the objective of reporting on existing controls, readiness assessments are designed to identify those controls that should be implemented or improved prior to an actual audit or gaps within the current control environment.

The Top 5 Values of a Readiness Assessment

  1. Auditor gains an understanding of the client environment in advance of the review
  2. Client management gains comfort with the audit team and the review process
  3. Low stress and candid discussions pertaining to the controls implemented, and the gaps identified
  4. Opportunity to review the assessed gaps and implement controls
  5. Clients can leverage the experience of the service auditor when beginning the preparation of the description of services, or report narrative.

Remember....

Ask questions
Utilize the knowledge and experience of the auditor to gain comfort and understanding of the review process.

Pull back the curtain
This is the time when nothing should be held back, especially in areas where the client might feel there are insufficient controls. One of the core objectives of the readiness assessment is to identify areas for improvement so that gaps are closed prior to the examination.

Previous Article
Some Thoughts on the Carbanak Attack and Security Control Failures
Some Thoughts on the Carbanak Attack and Security Control Failures

Anyone reading tech news this weekend likely saw the headlines about a malware attack used to track bank em...

Next Article
Understanding the Cloud Security Alliance STAR Program – Certification and Attestation
Understanding the Cloud Security Alliance STAR Program – Certification and Attestation

In the last 12 months, the Cloud Security Alliance (CSA) has made great strides in enhancing their CSA Secu...

×

First Name
!
Success
Error - something went wrong!