Customers expect that organizations have a valid cybersecurity program. Prove it by having it independently verified, validated, or certified. CyNtell is accredited and/or qualified to conduct cybersecurity audits for organizations to verify processes, validate the applicability and appropriateness of controls, and certify adherence to best practices and industry standards. At the conclusion of each audit, CyNtell issues a proprietary “Graded Health Report”, a Plan of Action and Milestones (POAM), and a Certificate of Completion (or Certification).
A Verification audit is conducted by examining an organization’s cybersecurity policy and determining if the organization has implemented a resultant program. CyNtell will review corporate practices and operational processes to ascertain relevance to the cybersecurity policy. As part of every verification audit checklist, CyNtell will examine the organization’s processes for risk management, policy review, policy change management, policy revisions, policy communication, and security awareness. CyNtell will measure the implementation and adoption of the organization’s cybersecurity program by review of documentation, interviews of personnel, and observation of normal operations.
A Validation audit follows, and extends the reach of, a verification audit. CyNtell will validate documentation, interview responses, and operational observations with security testing. An organization will undergo a comprehensive vulnerability assessment to validate the adequacy of implemented controls. Social engineering exercises and technological penetration testing will be conducted to measure the effectiveness of the security awareness activities, users’ adherence to procedures, and IT safeguards and countermeasures.
Certification audits include all the activities of verification and validation. The focus of a certification audit is to validate the organization’s adherence to a particular industry standard such as ISO 27001 or NIST RMF. Such audits are more intensive and require a great deal of time and effort. CyNtell can perform a mock audit or the actual certification audit, depending on the desired standard. Contact us for our list of qualified standards.