Industry Risk’s security compliance reviews and audit services involve assessing existing arrangements for alignment or conformance with designated benchmarks (legislation, standards, codes, policies, etc.). We perform these security compliance processes in relation to both security management functions and cybersecurity requirements.
A security compliance review may be carried out in relation to a complete program and/or limited elements of it, or be focused on security systems to examine how a current configuration compares to a desired standard.
It is important to note that, while reviews may make recommendations for improvement, security audits provide expert observations on where shortfalls exist between client arrangements and benchmarks.
Security Management Functions
With a leadership pedigree in corporate security management (canvassing both traditional and cybersecurity functions), we appreciate that security programs can become complex, be shaped by regulatory and industry obligations, and become conflicted over time.
We specialise in reviewing and auditing security programs to ensure that structural synergies are achieved, obligations are clear, and continual improvement is achievable.
Benchmarks that we are intimately familiar with include, but are not limited to:
- Protective Security Policy Framework (PSPF)
- ISO 28001 – Security Management Systems for the Supply Chain
- ISO 22301 – Societal security – Business continuity management systems
- Defence Security Principles Framework (DSPF)
We deliver both maturity and compliance reports as part of this service; a sample of the Security Management System Maturity Model, which we specialise in, appears below.
Security Management System Maturity Model
Cybersecurity Compliance Reviews
Industry Risk’s cybersecurity compliance reviews and audit services deliver independent assessments of capability and conformance status against, but not limited to, the following leading benchmarks:
- Information Security Manual (ISM).
- Cloud Security Principles.
- ISO 27001.
- National Institute of Standards and Technology (NIST) requirements.
- Payment Card Industry Data Security Standard (PCI DSS).
With IRAP assessors on board, Industry Risk is perfectly suited to provide a critical perspective on the maturity or conformance of your environment (or elements of it).
Industry Risk has assisted innumerable clients over many years, including many of the most prominent public and private sector organisations across Australia and the region.
If you require security compliance review and/or audit assistance, contact Industry Risk today to see how Australia’s leading light in security can help your organisation to assure conformance with your obligations.