With mounting regulatory scrutiny and stiffer penalties for an increasing number of data breaches worldwide, leading data compliance audit firm 360 Advanced is advising vendors that manage consumer data to plan now to complete or update examinations in 2016 attesting to their compliance with industry-standard data protection processes.
The readiness assessment and the actual compliance examination can require a timeline of up to six months to complete, according to Eric Ratcliffe, Director at 360 Advanced PA, a national, multi-service, licensed Certified Public Accountant (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers.
“Compared to the huge fines being levied and the enormous cost of lawsuits following breaches, completing the IT controls audit process is inexpensive, in relative terms, considering the financial investment and staff time involved,” said Ratcliffe. “With the 2016 budget cycle for most businesses commencing now, it is a wise executive decision to consider adding a line item to comfortably fund this essential initiative next year.”
IT security audits can examine a firm’s levels of compliance with standards such as the Service Organization Controls 1 (SOC 1 or SSAE 16), SOC 2, SOC 3, PCI DSS (Payment Card Industry Data Security Standards), Health Insurance Portability and Accountability Act (HIPAA) Security/HITECH, Microsoft Supplier Security and Privacy Assurance Program (MSSPA) and others.