Information Security Program Assessment


The Information Security Program Assessment (ISPA) is the compliance analog to the Architecture Assessment on the technical side. It is a thorough evaluation of the organization’s administrative controls governing the information security program as a whole. During the data collection phase, CynergisTek reviews information security policies and procedures, interviews key stakeholders and conducts physical walk-throughs. In advance of data collection, a detailed interview schedule covering topics and focus areas, approximate durations and target attendees is developed; it serves as the itinerary while our consultants are on site conducting the data collection phase of the assessment.

We apply a disciplined “show me” approach to establish the demonstrable evidence of compliance that an OCR audit typically requires. At the client’s request, our assessment can measure the elements of an organization’s information security program against any or all of the following compliance frameworks (selecting the most rigorous standard applicable to a given client):

  • HIPAA/HITECH
  • Payment Card Industry Data Security Standard
  • FIPS Standards
  • 21 CFR 11
  • Meaningful Use
  • NIST Guidelines
  • ISO 27002
  • State Laws

The output of the ISPA is a comprehensive report of findings that clearly states the organization’s compliance status for each element of the selected framework as compliant, non-compliant or not applicable. As an added value, we also map each element of the selected framework to the COBIT maturity model to rank the organization’s maturity for that element.
