Coalfire Systems - IT Audit Services

Home

Industries

Solutions

News & Events

About Us

Careers

IT Audit Services

IT Risk Assessment Services

IT Security Planning

PCI Compliance Services

Application Code Review

Vulnerability Scanning

Penetration Testing

Scalable IT audit services

to fit every need.

Independent validation of IT controls provides a unique, unbiased perspective into the overall effectiveness and efficiency of your controls program. This perspective provides assurance to senior leadership and management that their risk mitigation strategies and control objectives are functioning consistently.

At Coalfire, we understand that the IT audit function works most effectively with management - collaborating on risk, control objectives, and testing - to provide meaningful results. While we respect and observe independence from management, we do not advise isolated independence that can prevent a solid understanding of organizational business objectives and priorities.

Our IT audit services are scalable to fit your requirements - from strategic, risk-based audit planning and execution, to tactical control audits aligned to your annual audit plan. In any case, our audit services can help you plan and execute your next audit with precision and accuracy.

Co-Sourced Internal Audit
SAS 70 Reports
SOX ITGC Assessment
HIPAA Security Assessment
FISMA Security Assessment
System Security Testing
Wireless Security Assessment

Co-Sourced Internal Audit

Coalfire's co-sourced internal audit service provides you with the tools and resources necessary to fit your audit plan. For organizations without an annual IT audit plan, Coalfire can help design and implement a formal plan that fits your risk management program and compliance requirements.

The co-sourced internal audit service utilizes seasoned IT audit and security professionals who maintain concurrent CISA and CISSP certifications. Our staff uses shared, automated audit resources that help coordinate scheduling, control artifacts, and provide reports for internal stakeholders. This enables efficient participation and streamlines many of the "pain points" associated with audit activities.

Statement of Auditing Standards #70 (SAS 70)

In today's interconnected business environment, many services are dependent on support from an integrated supply chain of third-party products and services. A due diligence process is needed to assure corporations about the safety and integrity of their data when being handled by a third-party organization.

SAS 70 audits provide this very assurance by examining, documenting, and if needed, testing a wide array of internal controls within these "service organizations". Coalfire teams with certified public accounting firms to deliver a comprehensive examination and audit report for our clients. This coordinated relationship coupled with clean segregation of duties helps deliver a valuable SAS 70 service to your organization.

Our SAS 70 service is structured to help your IT staff select the best approach to IT control reporting and management. This prevents duplicity and omission of control that may exist with other IT control frameworks within your IT organization. This structure not only creates efficiencies within your audit and control operations program, but helps deliver a meaningful SAS 70 service to your organization.

Our SAS 70 services provide the highest value when integrated with our common controls program. The common controls program provides a single set of control objectives, audit activities, and reporting for internal and external audiences.

SOX ITGC Assessment

Organizations faced with demonstrating control over their internal financial reporting processes understand the challenges of IT control testing and audit. Coalfire can help support the full lifecycle of your SOX ITGC program, from risk assessment and control selection to management testing. We understand that SOX ITGC begins with a "top-down' examination of risk in order to justify control. We also understand that controls must make sense to the organization in order to truly yield benefits.

Our introductory level SOX ITGC compliance assessment performs management testing of your ITGC over financial reporting in order to provide assurance of control effectiveness in advance of your annual audit. Coalfire can also help assess ITGC risk, select controls, document ITGC process controls, and manage your internal SOX IT Audit plan - providing end-to-end solutions.

HIPAA Security Assessment

Compliance to the 160 discrete privacy and security implementation specifications under HIPAA poses managerial, operational and technological challenges to healthcare organizations. Coalfire's services assist HIPAA-covered entities of all sizes to identify their risks to protected health information in electronic form and prioritize and justify control approaches to mitigate those risks. Coalfire has also performed over 100 HIPAA assessments to validate compliance status.

FISMA Security Assessment

The Federal Information Security Management Act (FISMA) was established in 2002 as a federal law designed to increase the security posture of federal systems and their supporting entities. Since its establishment, an increasing number of federal information systems and databases have been integrated into non-federal agencies, including municipalities, law enforcement, and contractors. Coalfire has a team of FISMA experts who can assist your organization in preparing for a system accreditation, FISMA audits, classifying assets, and conducting risk assessments. Our processes, tools, and methodologies are based on the core components established by NIST, such as Special Publications 800-53rev1 (Recommended Security Controls for Federal Information Systems), 800-30 (Risk Management Guide for Information Technology Systems), and FIPS-199 (Standards for Security Categorization of Federal Information and Information Systems).

System Security Testing

System configuration and management weaknesses have historically been the number one cause of security breaches. Secure system hardening and management procedures can greatly reduce the overall risk to an organization. Coalfire has extensive experience in system security testing in heterogeneous environments and leverages proven testing tools. Our testing services will provide a security profile of any system, including network devices, mainframes, AS400, Windows-Unix-Linux host systems, workstations, PDAs, databases, telecommunications, printers and appliances.

Coalfire conducts system characterizations as part of our system testing services to understand the information risk profile of the system and justified configuration parameters. We are able to test, analyze and report to a plethora of industry standards for system security hardening or test solely against an organization's security requirements and baseline configuration policies.

Wireless Security Assessment

Whether or not you officially support wireless network technologies in your organization, you can bet that there's realistic risk exposure from wireless devices. Wireless networking technology is one of the most adopted technologies to date. Because 'wifi' is readily available on laptops and easy to set up, it has been deployed in environments where there are strict no-wireless policies in place for years. Coalfire can help you discover wireless technologies you may not be aware of and help you find where you have deployed wireless. We leverage the industry's best wireless testing and audit tools that allow us to execute wide ranging war driving assessments and focused penetration testing of wireless access points. For organizations that want to incorporate wireless assessment as part of their overall vulnerability management program, Coalfire can provide managed wireless assessment solutions that will provide real-time detection, prevention and alerting of wireless policy breaches or vulnerabilities.

Resources

>SAS 70 web site

>View archived webinars