Assurance - Audits and Assessments
A key area GRC Mentor focuses on is audits and assessments. We perform various types of audits and assessments against many standards, best-practice frameworks, guidance standards and compliance requirements (laws and regulations), as per client requirements, to ensure Governance, Risk and Compliance (GRC) are in place.
An organisation's GRC performance also depends on the strength of its assurance activities. GRC Mentor primarily focuses on the following types of assurance activities:
- First party audits (Internal audits) - these audits are conducted by an organisation for its own benefit, to understand where it stands and whether things are in place. We do it for you with an independent view aligned to the organisation's objectives and good practices in the industry.
- Second party audits - these are done by external independent bodies, for instance, a customer on the supplier. We recommend that a customer organisation not go by a certification per se, but rather depute auditors from its side to perform the audit to ensure its objectives can be achieved. We specialise in this type of audit and provide customers with an objective and independent view on what we audit.
- Third party audits - these are done by regulatory bodies for compliance assurance purposes or by independent certification bodies for certification purposes. We can help an organisation in evaluating the right certification body for any management system certification, such as ISO/IEC 27001:2013 or ISO/IEC 20000-1:2018.
- Independent / Expert assessments - these are done by independent bodies for the purpose of assurance against a compliance requirement where compliance or conformance is needed but a formal certification is not required or a scheme for it is non-existent. GRC Mentor, with its highly competent and experienced auditors/assessors, performs this kind of assessment and issues a letter of compliance (Certificate of Compliance).
- Gap Analysis - performed by GRC Mentor against any requirements related to information security, service management, quality management, risk management, or compliance with regulations and laws, specific to a client requirement or for a specific purpose.
IT General Controls (ITGC)
Assessment of an organisation's IT General Controls for their efficiency and effectiveness. All controls required by an organisation's functionaries are assessed.
Data Privacy
An organisation's privacy compliance posture is assessed based on HIPAA, GLBA, EU GDPR, CCPA, PDPA (India, Singapore, Malaysia) or any other regional privacy act / regulations.
Information Security
Information security assessments are done based on ISO/IEC 27001:2022, NIST Cybersecurity Framework, PCI DSS or any other security requirement based on standards / regulations etc.
SSAE 18 (SOC 1, SOC 2, SOC 3)
SOC 1, SOC 2 and SOC 3 (Type 1, Type 2) attestation reports are prepared. The internal controls at a service organisation are evaluated against the requirements and reports are produced.
Service Management
Assessment of the entire set of service management processes and systems to determine the capability and maturity levels of the processes and the overall framework.
COBIT Based Assessment
Governance of enterprise IT is very important for any organisation in order to ensure the achievement of ROI, VOI and other objectives. A COBIT based assessment provides a view on how well an enterprise is really focusing on Governance of Enterprise IT.
Computer System Validation
Computer System Validation (CSV) based on GxP (Good Manufacturing Practices, Good Distribution Practices, Good Storage Practice, etc.) ensures the relevant practices are safe, meet their intended use and adhere to quality processes throughout their lifecycle of activities.