ESS Advisory Practice offers a full range of auditing services to assess and benchmark against best practice, government and industry-specific security standards. Auditing services are delivered through a dedicated, in-house CESG Listed Adviser Scheme (CLAS) team, which includes qualified auditors with detailed experience of applying audit standards such as ISO27007 and ISACA guidance. Auditing skills extend to practical knowledge of tools such as COBIT and VAL IT and key private sector standards such as PCI DSS approved security scanning.

The ESS Advisory approach offers an objective assessment, designed to be supportive rather than critical, that is delivered in clear reporting language for both technical and non-technical stakeholders. Security auditing skills include:

  • Assessing compliance with internal policies, standards and processes in the context of business objectives
  • Assessing compliance with external requirements such as ISO27001, HMG Security Policy Framework and privacy legislation
  • Definition of Information Assurance (IA) control objectives
  • Identification of security-specific trends
  • Recommendations to support audit findings