IT Risk Assessment 

In today’s dynamic technology environments, organizations are exposed to many security risks that need to be mitigated by implementing the appropriate level of internal controls. These controls are critical, and have two facets: design of controls and operating effectiveness of controls. In addition, organizations are required to comply with a variety of regulations, including:  

The IT Risk Assessment reviews the customer’s IT environment and identifies risks, internal controls, and gaps in controls. The Assessment then breaks down the probability and impact of individual risks, and maps those risks to various IT Security Frameworks, such as CoBIT, NIST, and ISO27001.

At the end of the engagement, Compass will develop a detailed written report that outlines the following:

  • Compliance requirement or security control in question
  • What your organization has in place compared to that compliance requirement or control objective
  • A risk rating that outlines the delta between the requirement and your current control
  • Clear, actionable remediation strategy to mitigate your risk

Whether you are trying to secure your organization's key systems as a best practice or comply with various federal/state/industry regulations, Compass will assist your organization in building a culture of security, helping you save time, money, and resources.

Compass IT Compliance, a leader in IT Compliance services throughout the United States, is certified as a PCI Qualified Security Assessor (QSA). Compass' expert consultants – all CISA certified auditors, network engineers and project managers – stand ready to assist you with all your organization's IT Security needs.