Security and privacy services managing risks
Information is an essential asset for any company today and therefore requires protection. Our service focuses on developing an action plan that establishes a continuous security process inside the organization, with the aim of achieving and maintaining an adequate level of security.
ECOVIS Guatemala aims to assess the degree of reliability of the information generated through the application systems, which allows Financial Audit to define, confirm or modify its audit strategy, depending on whether that information can be trusted.
We identify and document the internal control framework that the company maintains over its technology and information, which includes:
- General IT Controls.
- Business Cycle Internal Control.
- Design and execution of data tests.
The review assesses whether the internal controls over systems have been designed effectively, properly implemented, and are operating effectively.
The areas of review performed by the ECOVIS Guatemala team will be: System Security, Business Cycle Controls and Detailed Tests.
Evaluation areas by ECOVIS Guatemala:
- Data center and network operations.
- Network diagram.
- Network and communications procedures.
- System network monitoring procedures.
- Information Technology Service Levels.
- Physical and logical information security.
- Procedures for the creation, modification and cancellations in the systems.
- Physical security policies.
- Systems security policies and passwords.
- Matrix of user profiles in the systems.
- Program and database modification.
- Program modification process.
- Database modification process.
- Information Technology Services agreement.
- Evaluation of the Information Technology agreement.
- Evaluation of services provided by suppliers.
A growing number of risks related to information security, privacy and data integrity have a higher impact on business profitability, while also generating reputational damage.
Security must be integrated into information technology processes in order to facilitate the proper protection of IT assets.
Organizations need to implement and maintain a comprehensive security and privacy risk management system that aligns human resources, processes and the various elements of technology, in order to remain in such a competitive market and to achieve adequate levels of security.
A comprehensive security management program covers the following areas:
- Governance and Information Technology Strategy (COBIT).
- International and industry-specific standards (ISO 27001 Information Security, ISO 31000 Risk Manager).
- Risk management (COSO – ERM).
- Compliance with laws and regulations (JM-102-2011, SOX Sarbanes-Oxley Act).
- Training and Awareness.
- Effective assurance.
- Metrics and Indicators.
ECOVIS Guatemala can help you understand the key factors that allow your business to reduce its exposure to risks related to privacy and the protection of personal data, including the following areas:
- A general security policy appropriate for the organization.
- An inventory of the company’s systems (infrastructure, IT systems, networks, applications, organization, staff).
- The requirements for system protection.
- The threats to which the systems are exposed.
- The controls suggested to minimize the threats.
- The actual state of implementation of the suggested controls.
In accordance with what is defined in ISO 27001, the information security assessment supports good Information Technology Governance.