Power Your Business with Our System Audit Services

As a prominent information security company with vast experience in various aspects of this business, we consider it our duty to serve different industry sectors and domains and to provide them with our cutting-edge technology experience, so that we all grow together.

Security Architecture Review

  • Policies
  • Network Security
  • Database Security
  • Processes And Internal Controls Such As Patch Management, Hardening
  • Review And Monitoring
  • Access Controls
  • Logs And Audit Trails
  • Security

Framing Policies, Processes, Procedures and Guidelines

  • Review of policies as per ISO 27001
  • Relevant regulatory guidelines

Application Security Review

  • Application security testing manually and with tools
  • Adherence to Legal & Statutory requirements (GST recovery, data protection etc.)
  • EOD-BOD, EOD reconciliations
  • STP (Straight Through Processing) possibility
  • Application security policy, access controls, audit trails, user management
  • Segregation of duty, separation of duty
  • Input, output, processing controls, authorisation controls such as maker, checker, parameterisation
  • Business logic, session management, exception handling
  • Interfaces
  • Backup and BCP
  • Reconciliations, database security, server security, operations, effectiveness
  • Change management and patch management
  • Third-party management (SLA etc)
  • User training
  • Incident management
  • Regular review of accesses

Network Security, Wireless Security

  • Network architecture security
  • Segregation of networks, redundancy and Load Balancing
  • Access controls, single point failure
  • Presence of security devices such as firewalls, IDS/IPS, their placement
  • Endpoint security
  • Configuration Review
  • External VA/PT for vulnerable ports and openings
  • SIEM, SOC, performance, business continuity/redundancy
  • Incident management, monitoring and review
  • Exploitation of vulnerabilities in wireless network, internet controls, email and web controls, social media controls
  • Capacity planning, performance monitoring, licenses and compliance, help desk
  • Cybersecurity preparedness indicators

Special audits for ATM Systems

  • Audit includes ATM Switch, Reconciliations, cash management, encryptions and key management
  • Periodic VA/PT of systems, card data integrity, third party management
  • Alerts and incident management, patch management, helpdesk, certifications of vendor
  • ATM device management, site management, call centres/helpdesks, backup and BCP, physical security

Source Code Review

  • Review Business logic, bugs, errors and exceptions, backdoors

Secure Development/SDLC

  • Controls at all stages: plan, design, coding, testing, rolling, change management, etc.
  • End to end audit of system development life cycle

Internal Controls & Processes

  • Core application parameter controls
  • Access controls, user management, change management, incident management, escalations
  • Asset management, reconciliations
  • Physical security, logs and audit trails, reviews, maker checker, segregation and separation
  • Backups, internet controls, social media controls

CBS/ERP Application Security

  • Functional capabilities and controls review
  • Parameter controls, access controls, user management, segregation and separation of duty
  • Change management, incident management, business continuity and backup
  • Audit trails and logs, database security, server security, physical security
  • Reconciliations, business logic verification, etc. (all controls as mentioned in application security)

Internet/E-commerce Security

  • Application security
  • Compliance to regulatory guidelines, business logic
  • Capacity and performance controls
  • Logs and audit trails, database security, server security
  • Backup and business continuity
  • Escalations, incident management, change management, physical security, etc

Special Audits for Swift

  • Application security controls as mentioned under application security like STP, access controls, user management
  • Reconciliations, change management, incident management, parameter controls, network security
  • Internal controls, backup and BCP
  • HSM management, physical security
  • Relevant regulatory guidelines

Payment Gateway Security

  • Certifications of the service provider, firewall security, access controls
  • Data privacy controls, server hardening, SSL, patch management
  • Internal controls, segregation of networks, endpoint security, change management
  • Periodic VA/PT by external auditor, logs and audit trails, backup and BCP, physical security

Business Impact Analysis

  • BIA is done as a preliminary to risk analysis and BCP. Critical business is identified by assessing the impacts on various criteria for RA and BCP.

Internet Banking, Mobile Banking

  • Application security
  • VA/PT of devices and application
  • Compliance to regulatory guidelines

Prepaid Instruments

  • Compliance to RBI Guidelines on PPI

ISMS – ISO 27001 implementation Audit

  • Review of implementation organisation study, scope and objective definition, gap assessment and recommendations
  • Defining ISMS organisation, SOA, risk analysis, risk treatment and mitigation strategy, policies, procedures, record maintenance
  • Determination and maintenance of metrics
  • Management review, internal audits, CAPA (Corrective and Preventive Action), pre-assessment audits

Business Continuity and Disaster Recovery

  • Conduct business impact analysis, risk assessment and devise business continuity and disaster recovery plan
