IT Risk Assessment

State and federal mandates require your organization to protect against unauthorized access or use of customer information that could result in substantial harm or inconvenience to any customer. As such, you must consider not only risk to the business entity but also risk to your non-public customer information.

In general, a risk assessment must be sufficient in scope to:

  • Discover reasonably identifiable threats from within and outside an institution’s operations that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems

  • Discover reasonably foreseeable threats due to the disposal of customer information

  • Examine the existing security controls to evaluate their sufficiency and identify any weaknesses which could put customer information at risk

Information security risk assessment is the process used to name and understand risks to the confidentiality, integrity, and availability of information and information systems. The SMP IT Risk Assessment identifies the value and sensitivity of information and system components and then balances that knowledge with the exposure from threats and vulnerabilities.

IT General Control Audit

For your organization, information and the technology that supports it may represent your most valuable assets. Securing this data while making sure you continue to support the business objectives represents an increasingly critical undertaking, and it is achieved by implementing a suitable set of security controls.

The selection of controls is dependent upon organizational decisions based on the criteria for risk acceptance, risk treatment options, and the general risk management approach applied to the organization, and should also be subject to all relevant legislation and regulations. Once established and implemented, controls must be monitored, reviewed, and improved where necessary to ensure sustained relevance and to validate continued conformity with organizational security and business objectives.

SMP’s IT General Control Audit is designed to develop a clear understanding of your key controls (including policies, processes, procedures, organizational structures, and software and hardware) that are present in the environment surrounding the information systems from a technical and operational standpoint. The objective of this review is to determine whether the control practices are reasonable to support your technology needs and are functioning as intended.