On-Demand IT Audit, Compliance & Risk Services
The IT Audit Group LLC is a B2B subscription-based Management Consulting firm servicing organizations throughout their IT Compliance cycle. We create Compliance Programs where none exists, we perform audits of existing environments, and manage the "current state" compliance posture via Continuous Monitoring.
Most common requests:
- Breach Notification & Insurance
- Cloud Compliance: CCM, CMMI, IaaS, SaaS, PaaS, AWS, Google, Azure, +
- Cloud Solutions: AWS, Azure, Google, Oracle +
- Compliance Readiness: SOX, SOC 1, SOC 2, HIPAA / HITRUST, PCI, SSAE 18, FINRA, ISO 27001
- Compliance Starter Packet (for start-ups)
- Compliance Testing
- Cybersecurity & Incident Response
- Disaster Recovery & Business Continuity, Table Top
- Farm Credit Administration (FCA) IT Security
- Fin: GRC, FFIEC, NCUA, FINRA cyber security
- Frameworks: ISO, NIST, SANS, CIS - Top 20
- IT Audit (including ITGC), AS400, ERP – SAP, Oracle, Baan, Navision
- IT Policies & Procedures
- Privacy: GDPR, CCPA, 23 NYCRR 500, 201 CMR 17, Privacy Shield
- Regulations: GDPR, FINRA, FedRAMP+, GLBA
- Risk Assessment / Gap / BIA
- Security Questionnaires: SIG, SIG Lite, CIS, CAIQ, NIST 800-171, VSAQ
- Vendor IT Security Questionnaires / 3rd Party Security Questionnaires (general)
- Vendor Risk Management
“Their work was extremely comprehensive.”
IT Audit Group LLC conducted a security audit for a UX consulting firm. They dedicated a single resource to ensure their client’s compliance with specific information security standards.
Aug 13, 2020
IT Audit Group LLC conducted effective audits and maintained an efficient, remote workflow. They delivered comprehensive reports that covered each requirement in detail. They provided their services at a very reasonable cost, rendering them a go-to partner for future services.
A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.
Introduce your business and what you do there.
I’m the quality manager and enterprise risk officer at Bold Insight, a human factors and UX consulting company. We study prospective users and actual users that interact with devices belonging to different industries and recommend design improvements.
What challenge were you trying to address with IT Audit Group LLC?
We’re ISO-27001 compliant. We set up information security management systems to comply with that standard, and this certification entails that we perform an annual audit. We relied on them to help us fulfill this requirement.
What was the scope of their involvement?
They did our first audit against the ISO-27001 standard last summer, and we engaged them a second time for this year’s audit as well. We expanded its scope to cover the requirements of the Privacy Shield.
They do everything remotely. They set up secure transfer systems, and we send over our files. They review the files, and we hop on calls on at least a weekly basis. We discuss the activities we need to undertake to comply with the system, and they provide us with a report.
What is the team composition?
We just worked with one teammate.
How did you come to work with IT Audit Group LLC?
We chose them because they were the cheapest, by far.
How much have you invested with them?
We’ve spent somewhere around $4,500.
What is the status of this engagement?
The engagement began in May 2019 and the audit was done by late June. The same process was repeated for 2020. I don’t see any reason why we wouldn’t continue to work with them.
What evidence can you share that demonstrates the impact of the engagement?
Their work was extremely comprehensive. There’s a certain section of the standard that lists all the requirements that need to be met, and their report addresses each of these in detail. We can go back at any time to examine how our work measures up.
How did IT Audit Group LLC perform from a project management standpoint?
I just kept in touch with my point of contact via email. There was a method for us to collaborate through the site on which we upload our secure documents. The project management was fairly smooth.
What did you find most impressive about them?
The audits are handled in a very constructive manner. We’ve been able to learn a lot and improve, thanks to their work.
Are there any areas they could improve?
While COVID-19 has made remote work standard procedure, it would be nice if we could meet in person at some point. As far as their work goes, they’ve fulfilled our needs, and their methods are great.
Do you have any advice for potential customers?
Make sure you’re receptive to feedback.