Evaluating People, Processes, and Technology
Ecryp understands that IT auditors work at the intersection between the IT
systems and the people who specify, develop, implement, use, manage, and
maintain them, and thus need to be competent and comfortable with both aspects.
When evaluating technical system vulnerabilities, for instance, the auditor
clearly needs a strong understanding of the technology in order to identify and
characterize genuine technical issues. Further, it is entirely reasonable for
the auditor to explore the reasons why known vulnerabilities were not
identified and resolved (e.g., by patching) by the systems managers and others,
and perhaps even to challenge the original technical architects, developers,
testers, and administrators of the faulty system.

Ecryp's deliverables include:
- Operational computer system/network audits: Review the information security
  and other controls within and surrounding operational computer systems and
  networks.
- IT installation audits: Review the computer building, suite, room, or
  cupboard, including aspects such as physical security, environmental
  controls, computer and network operations processes, and management systems,
  and of course the IT equipment itself.
- Developing systems audits: Project/program management controls and
  implementation of appropriate information security controls within and
  supporting the developed system.
- IT governance, management and strategic audits: Review the organization,
  structure, strategy, work planning, resource planning, budgeting, cost
  controls, and so on and, where applicable, relationships with outsourced IT
  providers.
- IT process audits: Review processes within IT such as applications
  deployment, operations, maintenance, housekeeping (backups, preventive
  maintenance, etc.), support & incident handling, controls protecting the
  confidentiality, integrity, and availability of systems and data.
- IT compliance audits: Review compliance with external requirements (i.e.
  IT-related laws and regulations such as software copyright and personal
  data/privacy) and internal/corporate requirements (IT/information security
  policies, standards, procedures, and guidelines).
- Benchmarking: Comparing the IT performance, efficiency, and/or capabilities
  of an organization to other similar organizations, or comparing business
  units within a large organization, or measuring against generally accepted
  standards.
- Contingency planning: Review business continuity and IT disaster recovery
  plans and the associated processes (e.g., tests and exercises).
- Special investigations: Contingency and unplanned work such as investigating
  suspected frauds or information security breaches, performing due diligence
  review of IT assets for mergers and acquisitions, and investigating incident
  reports from whistle-blowers.
- Other: Ecryp's IT auditors often work alongside financial, operational, and
  other non-IT auditors, supplementing the team with expertise on the IT
  systems aspects and contributing to risk assessment workshops, and may offer
  IT consultancy advice or mentoring to risk, security and compliance
  professionals.

To know more about this service or team profile, or for business enquiries,
kindly contact us at info@ecrysolutions.com