The Information Security Program Assessment (ISPA) is the compliance analog to the Architecture Assessment on the technical side. It is a thorough evaluation of the organization’s administrative controls governing the information security program as a whole. As part of the data collection phase, CynergisTek conducts a thorough review of information security policies and procedures, interviews key stakeholders, and conducts physical walk-throughs. In advance of the data collection, we develop a detailed interview schedule that includes topics/focus, approximate durations, and target attendees. This schedule is the basis for the itinerary while our consultants are on site conducting the data collection phase of the assessment.
We strive to include a disciplined “show me” approach to establish the crucial demonstration of compliance, as is typical of an OCR audit. At the client’s request, our assessment can measure the elements of an organization’s information security organization against any or all of the following compliance frameworks, selecting the most rigorous compliance standard applicable for a given client: