TrustCC, Information Security Consulting & Compliance

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Solutions & Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company Info
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News & Events
  • News & Press
  • Seminars and Training

General Controls Audit

Auditors are not typically the people you want to see wandering through the halls of your office. TrustCC auditors are different. We’re not here to fine you or to get you in trouble. Our goal is to scour your information security controls and identify weaknesses to help protect you from those that will cause trouble – attackers, forgetful or disgruntled employees, and yes, regulators.

TrustCC has developed several different audit plans to help your organization meet its compliance and internal audit goals. Our Information Technology Audits cover a broad range of areas including, but not limited to, systems and applications, information processing facilities, development and change control, management of IT and enterprise architecture, and client/server operations.

Designed For:

• Banks and credit unions that want to evaluate overall compliance with GLBA guidelines in preparation for a regulatory examination.
• Any organizations in need of a third party to analyze their SOX404 key controls and testing procedures.
• Organizations that want to provide their Board (or Audit Committee) with a representation of the current state of information security and regulatory compliance.
• Any organization in need of a third party’s performance of an external IT audit, which will include identifying, testing and evaluating the effectiveness of general IT controls in the form of policies, procedures, and processes.

What We Typically Provide:

• Regulatory Compliance: Procedures designed to evaluate compliance with technical, physical and administrative control provisions (safeguards) that are addressed by your particular regulatory environment.
• Comparative Analysis: TrustCC will provide you with a general comparison to other organizations with similar regulatory requirements so you know how you may be "measured" when examined by your regulators

How You Benefit:

• You'll understand your areas of risk and will be able to prioritize your risk management initiatives to address matters of greatest priority.
• Our reports will show you where you are and where you are not compliant with your regulatory environment, whether it is GLBA, HIPAA, SOX 404, PCI DSS, TG-3 PIN Security, or others.
• At the committee's directions and as the "eyes and ears" of the Board, TrustCC endeavors to perform audits that are distinctive from those performed by our competitors.