Information Technology Consulting
Technology risks are fast becoming critical components of a company’s risk model. These risks threaten all aspects of a business enterprise. If not effectively addressed, technology risks can impact profitability, prevent compliance with regulatory requirements, and damage a company’s reputation in the marketplace. Management recognizes the importance of effectively managing technology risk in order to maintain competitive advantage.
GCPA can assist organizations in their efforts to manage technology risks. We offer the following comprehensive information technology solutions:
- Information Technology Audit, Compliance and Regulatory Services;
- Service Organization Control ("SOC") 1 & 2 Audits; and
- Network Vulnerability Assessments and Penetration Testing.
IT Audit, Compliance and Regulatory Services
GCPA provides IT audit services specifically designed for regulated financial institutions, as well as any business with IT security risks. We focus on the IT components related to the requirements and guidelines issued by the Federal Financial Institutions Examination Council (FFIEC) and the Gramm-Leach-Bliley Act. We also assess and report on general computer controls present in an organization’s information system environment. Our assessments focus on the organizational, infrastructure, physical/environmental, and logical controls, and are aligned with leading practices associated with the organization’s specific industry.
Service Organization Control Auditors Reports, otherwise known as SOC Reports, are the primary service offering of GCPA. Our certified IT professionals perform both SOC 1 ("SSAE 16") and SOC 2 (Principles and Criteria) audits for clients in numerous industries.
GCPA professionals have performed numerous SOC 1 & 2 audits and pre-assessment procedures throughout the country for service organizations providing significant support and data processing for the financial services industry.
See our SOC page for more info.
Network Vulnerability Assessments and Penetration Testing
A vulnerability assessment shows the system’s security posture with respect to specific vulnerabilities. The focus of vulnerability assessment exercises is to perform a thorough examination of the IT environment and identify the weak points. The vulnerability assessment interprets and compares results against the various business processes to determine whether the perceived vulnerability is indeed valid, is a false positive, or whether other security controls address the perceived vulnerability.
Our network vulnerability and penetration testing services are designed to automatically discover and manage all devices and applications on the network, identify and remediate network security vulnerabilities, measure and manage overall security exposure and risk, and ensure compliance with internal and external policies for GLBA and other regulatory initiatives. The combination of internal and external audits provides the most comprehensive, GLBA-compliant assessment of the risks of unauthorized access to nonpublic financial and personal data.