TrustCC, Information Security Consulting & Compliance

Site Navigation:

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Solutions & Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company Info
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News & Events
  • News & Press
  • Seminars and Training

IT Audit

Auditors are not typically the people you want to see wandering through the halls of your office. TrustCC auditors are different. We’re not here to fine you or to get you in trouble. Our goal is to scour your information security controls and identify weaknesses to help protect you from those that will cause trouble – attackers, forgetful or disgruntled employees, and yes, regulators.

TrustCC has developed several different audit plans to help your organization meet its compliance and internal audit goals. Our Information Technology Audits cover a broad range of areas including, but not limited to, systems and applications, information processing facilities, development and change control, management of IT and enterprise architecture, and client/server operations.

Designed For:

• Banks and credit unions that want to evaluate overall compliance with GLBA guidelines in preparation for a regulatory examination.
• Any organizations in need of a third party to analyze their SOX404 key controls and testing procedures.
• Organizations that want to provide their Board (or Audit Committee) with a representation of the current state of information security and regulatory compliance.
• Any organization in need of a third party’s performance of an external IT audit, which will include identifying, testing and evaluating the effectiveness of general IT controls in the form of policies, procedures, and processes.

What We Typically Provide:

• Regulatory Compliance: Procedures designed to evaluate compliance with technical, physical and administrative control provisions (safeguards) that are addressed by your particular regulatory environment.
• Comparative Analysis: TrustCC will provide you with a general comparison to other organizations with similar regulatory requirements so you know how you may be "measured" when examined by your regulators

How You Benefit:

• You'll understand your areas of risk and will be able to prioritize your risk management initiatives to address matters of greatest priority.
• Our reports will show you where you are and where you are not compliant with your regulatory environment, whether it is GLBA, HIPAA, SOX 404, PCI DSS, TG-3 PIN Security, or others.
• At the committee's directions and as the "eyes and ears" of the Board, TrustCC endeavors to perform audits that are distinctive from those performed by our competitors

More Detailed Information (PDF opens in a new window)

Contact us today – Satisfaction is 100% guaranteed.

---

Sarbanes-Oxley Section 404 Audit (SOX 404 Audit)

Our team of skilled IT auditors will work with your public accounting firm requirements to provide a level of testing needed for compliance.  Our hands-on, real world experience with the industry’s most widely used technologies gives us an informed and practical perspective on controls testing. Our consultants hold current advanced certifications from Microsoft, Cisco, CompTIA, ISACA, and ISC2. These qualifications ensure that the most competent technical team members conduct your SOX 404 testing and that the recommendations provided are cost effective and practical.  We supply IT audit and technology expertise that few public accounting firms can deliver using their leveraged model of inexperienced and experienced staff.

Many organizations are turning to TrustCC to analyze SOX404 key controls and testing procedures using a risk based approach and this often results in more efficiency in SOX404 activities.

More Information

---

FFIEC Audits

TrustCC has developed a comprehensive audit program in adherence with the FFIEC Information Technology Examination Handbook booklets. The FDIC and state regulators that examine our clients ultimately correlate their regulations with FFIEC guidelines. Therefore, we have leveraged the same baseline to create audit test steps that similarly reflect the FFIEC booklets.

More Information

---

Mainframe Security Audit

Organizations are realizing the need to test the security posture of their mainframe systems and the applications that run on them. TrustCC offers security services to help these organizations meet regulatory requirements and design methodologies to insure the security of their mainframes and the applications running on them.

TrustCC is one of only a few security firms with personnel trained in the security of mainframe (OS390) and AS/400 systems. TrustCC is competent with Top Secret, ACF-2, Examine and Vanguard mainframe security products.

More Information

---