Risk & Security Monitoring Guidance

Whether you have systems and infrastructure in-house or outsourced, we can help you determine what information can and should be logged and reviewed. We will help you determine what monitoring reports and services are available from your providers and in-house systems and develop action plans for your internal review of inappropriate activity.

If you rely on a third party service provider for significant infrastructure or application hosting, we will help develop follow-up procedures in the event of problems or incidents.

We can help with your recurring vendor due diligence efforts. Our approach includes evaluation of vendor provided information, including SOC reports, security statements, financial reports, in addition to information we gather through questionnaires and discussions with vendors. If we recommend changes to your vendor’s control environment, we can help you discuss the requirements and expectations with the vendor and monitor for their compliance.

We recommend that user access be reviewed for critical systems at least twice a year. We recommend quarterly review of administrator accounts.

We will help you build the user access review procedures for critical support applications. We will identify the reports necessary and provide guidance on the review steps.

We can help manage the review to ensure timely completion, if requested.