Business owners, individuals, and third parties often engage us to perform an agreed-upon procedures (AUP) engagement, in which we carry out specific, pre-agreed procedures and report our findings. AUPs are conducted by our audit professionals in accordance with attestation standards established by the American Institute of Certified Public Accountants. Our clients, often at the request of a third party, select the procedures to be performed and accept full responsibility for the sufficiency of those procedures. Our report details the procedures we performed and our findings. Examples of AUP engagements include verifying compliance with licensing and royalty agreements, checking calculations of internal rate of return and other mathematical computations, confirming specific information with third parties, performing specific procedures on work performed by others, and reviewing documents to confirm transactions.
The adoption of an Information Security Management System (ISMS) is a strategic decision for an organization. ISO 27001 is the international standard that specifies the requirements for an ISMS. It is the benchmark for evaluating information security risk, and it provides the framework and processes businesses need to manage newer technologies and address their complete information security needs.
Being ISO 27001 certified demonstrates to your existing and potential clients that you are taking a proactive approach to mitigating cybersecurity risk by applying best-practice information security. The certification process is also a valuable mechanism for monitoring and maintaining your ISMS. In addition, certification sends a message to potential clients and business partners that they can be confident in your data security practices, giving you an edge over competitors that lack ISO 27001 certification.
There are two audit stages that must be completed in order to achieve ISO 27001 certification.
Stage 1 Audit
The Stage 1 audit is sometimes called the “documentation review” or “pre-assessment.” Our auditors perform a high-level review of your ISMS and determine whether the documented policies and procedures are in place for the full audit to proceed.
This initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to stage 2. Our auditors will also highlight any areas of nonconformity and point out where potential improvements can be made.
Stage 2 Audit
The Stage 2 assessment evaluates the effectiveness of the system and seeks to confirm that the management system is implemented and operational. Our auditors conduct a thorough assessment to determine whether your organization’s ISMS conforms to the requirements of the ISO 27001 standard.
An ISO 27001 certificate is valid for three years and is subject to periodic surveillance audits during that period to confirm that you remain compliant. At the end of the three years, you will be required to complete a recertification audit in order to renew the certificate for a further three years.
Our Services:
PCI DSS compliance is required for any organization that stores, processes, or transmits cardholder data. For some businesses, compliance is considered an obligation. For others, it’s fundamental to broader business objectives. To address your individual needs, we offer a portfolio of PCI DSS compliance services:
We can also help you customize a continuous compliance solution that provides year-round compliance program support, helps you maintain your compliance posture, and addresses resource gaps.
Compliance Essentials is a next-generation solution for managing compliance, assessments, and risk more easily and efficiently. Our enterprise-grade solution combines SaaS technology with expert guidance and assessment services, making the compliance process more efficient. Plus, it supports all major compliance frameworks, including PCI, SOC, ISO, HIPAA, HITRUST, FedRAMP, NIST, and more.
Vulnerability Assessment
Our vulnerability assessment services help you assess on-premises hosts, databases, and web applications to identify potential configuration and asset management deficiencies. From there, you can strengthen your cyber defenses and ensure the consistency and completeness of your security processes. Coalfire performs these assessments on a regular basis to ensure continued identification and resolution of potential security issues.
Penetration Testing
Our penetration testing services provide a comprehensive approach that includes asset discovery, threat modeling, compliance testing, offensive security testing, and remediation support. By partnering with the most experienced and largest pen testing organization, our partner will help you reduce your internal and external vulnerabilities while keeping costs down and productivity levels up.
Our comprehensive support – with people, processes, and technology – allows us to help you scale regardless of size and navigate the entire vulnerability management process.
More than 100 organizations have leveraged our objectivity through published white papers. Our papers highlight your approach to cybersecurity, provide credible support for your marketing efforts, and make your sales cycles easier and shorter. We work with your team to develop a white paper that addresses your audience and business goals.
| Service | Description |
| --- | --- |
| Technical Evaluation White Paper | Presents the technical design ideologies and principles of a product offering, and discusses Coalfire's tests and associated findings for your clients and/or prospects. |
| Product Applicability White Paper | Describes how your product may assist your clients and prospects in building compliant infrastructure. |
| PA-DSS Out-of-Scope White Paper | Provides a third-party technical perspective on your payment application's PA-DSS applicability based on in-depth validation; discusses how an application may not meet the eligibility criteria for PA-DSS validation but may still meet the basic requirements for installation and use in a PCI DSS compliant environment. |