Compliance Readiness

Ensuring that your business meets internal and external compliance requirements

Nexum Compliance Readiness

Audit Readiness Preparation, Standards Reviews, and Technical Practice Audits

Nexum’s review services ensure your organization’s policies and practices meet audit requirements.

Controls Compliance Review

A compliance review examines an organization’s adherence to appropriate external IT standards mandated by regulatory or business practice requirements such as FERPA, HIPAA, PCI, Sarbanes-Oxley and others.

  • Policy & Practice: We inspect your organization’s policy and practice documentation for compliance with regulatory or business practice requirements. We’ll report on gaps and recommend remediation language and practices.
  • Technology: We examine system configurations, access controls, user grouping and authorization systems for compliance with regulatory or business practice requirements. We’ll report on gaps and recommend remediation steps. We’ll also help organize, project-manage and document the ongoing remediation process through completion. And we’ll establish audit-readiness timelines and milestones.

Technical Business Continuity Review

Our engineers look at your organization’s critical servers, IT infrastructure and services to detect gaps and determine the efficacy of business continuity, incident response and technical disaster recovery plans. A typical review includes an assessment of likely business impacts from specific technical failures and makes recommendations to heighten fault tolerance and remedy shortcomings in the IT portions of the business continuity plan.

  • Perimeter: We examine internet, email, web-based application, POTS and DMZ business continuity from a technical IT perspective and provide a gap analysis regarding the planning between the organization and external vendors, suppliers, key services and network links.
  • Internal: We inspect inter-site (wide area network, or WAN) key business applications and internal telephony business continuity from a technical IT perspective, analyzing redundancy and continuity planning for failure scenarios between internal business sites and groups.

Audit Readiness Preparation

The audit readiness preparation process combines a compliance assessment with assistance in meeting your organization’s security technology-related audit requirements. The preparatory process allows your organization to meet compliance requirements on its own timelines, rather than scrambling in the throes of an audit remediation process.

  • Technology: We examine system configurations, access controls, user grouping and authorization systems for compliance with regulatory or business practice requirements. We’ll report on gaps and recommend remediation steps. We’ll also help organize, project-manage and document the ongoing remediation process through completion. And we’ll establish audit-readiness timelines and milestones.
  • Policy & Practice: We examine your organization’s policy and practice documentation for compliance with regulatory or business practice requirements. We’ll report on gaps and recommend remediation language and practices. And we’ll review revisions and guide changes until policy and procedure manuals are believed to be in compliance and ready for audit.

Technical Practice Audit

A technical practice audit examines your organization’s practices against its own written policies to ensure self-compliance. The review does not refer to external standards, but is based on your organization’s own security policies. The audit helps ensure that your organization’s policies and procedures are being met and are adequate to properly guide personnel in the execution of their duties.
