Concurrent IS Audits Of Datacentre
- Daily audit as per company’s requirements especially review of user management (creation, modification, deletion of user accounts and their privileges)
- Review change management, review incident management, review backup process, daily audit trail verification for changes done in parameters, and tables, handling of failed transactions, handling of soc alerts
- Review of VAPT compliance, helpdesk review, etc
Compliance to Payment Card Industry (PCI-DSS)
- Review of compliance to PCI-DSS as per their standard guidelines for operations involving card
Compliance with Regulatory Guidelines like RBI, NBFC, NPCI, SEBI, IRDA, Aadhar, eKYC etc
- Compliance with regulatory guidelines such as the RBI, NBFC, NPCI, SEBI, IRDA, Aadhar, eKYC, and so on.
Compliance to GDPR, Data Privacy Regulations
- Review of compliance to privacy laws as per law/guidelines for data collection, transit and storage, preventive controls and measures undertaken by the client
Compliance to Cyber Security Guidelines
- Cybersecurity policy
- Network architecture security, segregation of networks, redundancy and load balancing
- Access controls, single-point failure, presence of security devices such as firewalls, IDS/IPS, their placement, endpoint security, and configuration review
- External VA/PT for vulnerable ports and openings, SIEM, SOC, performance, business continuity/redundancy
- Incident management, monitoring, review, tech, exploitation of vulnerabilities in a wireless network, internet controls, email, web controls, and social media controls, etc.
- Capacity planning, performance monitoring, licenses and compliance, help desk, cybersecurity preparedness indicators
- Existence of SOC and its management review, etc.
Vendor Audit/Third party services audit/outsourced services security audit
- SLA review
- Background verifications
- Business continuity
- Skills, compliances will be reviewed of third-party resources