IT General Controls – Review of IT General Controls that are applied to
applications, operating systems, databases, networks and supporting IT Infrastructure. Some
of the domains covered as part of the review include Policies and Procedures, Risk
Assessment, User Access Management, Change Management, Backup and recovery, Patch
management, End-point security, etc.
ERP Controls review – ERP controls are critical to ensure the integrity of the
application and its data. Some of the domains covered as part of the review include User
Access Management, Privileged Account Management, Audit Logs, Change Management, Batch
Processing, etc.
Attestation Readiness ( SOC 1, SOC 2 and SOC 3) – SOC reporting provides
assurance to customers and their auditors. SOC reporting is a great tool to demonstrate
controls and provide comfort to your customers on the design and operating effectiveness of
controls. As part of attestation readiness, our experienced will perform an assessment and
identify areas with potential gaps and provide recommendations. We will also go a step ahead
to help you implement these controls and handhold through the independent attestation
process.
.jpg)
_design.jpg)
Segregation of Duties (SOD) design – An ineffective SOD design could be costly
and may also lead to control weaknesses and frauds. Finstein has developed a complex
methodology to identify SOD conflicts, evaluating the impact of SOD violations and
redesigning roles to ensure SOD is maintained.
ISO Certification Support – ISO 27001:2013 boosts an organization’s information
security quotient and the certification process can be tricky involving enormous efforts to
define and implement policies. We will help you identify potential gaps and implement
controls. We will also go a step ahead to handhold you through the certification process.
