
Audit & Compliance Services

Compliance Assessment

Today nearly every organization is affected by some form of Security or Privacy regulation, whether industry-specific or governmental. We can help you navigate the complexities of these regulations, work out how to apply them to your organization, identify the pertinent controls, and then assess whether you are compliant. With experience on both sides of a Compliance Program, auditing as well as maintaining, we bring a unique perspective to guide you through which gaps are material and how to address them efficiently.

Here are some of the regulations and frameworks we have experience with:
SOX
FISMA, NIST
FFIEC
HIPAA
ISO 27001
GDPR
CCPA

Audit Readiness

Let's face it, Audits can be STRESSFUL! Sometimes they are performed during a period that is otherwise challenging, adding stress to existing bandwidth and operational constraints. Employee turnover during the period and in the focus area of the audit can also present challenges to audit results, which have minimal tolerance for deviation from control operating effectiveness.

The name of the game here is preparation! The sooner you can put in place self-assessment of your controls, and self-correct throughout the year, the better your audit results will be. In addition, bringing in a third party to assess your control design and operating effectiveness well in advance of the actual Audit always pays dividends. This gives you the time to fix gaps, and shows the Auditor you have proactive Management Oversight over the controls in scope for the Audit.

Some examples of Audit Readiness that we can deliver:
Internal Audits, SOC1, SOC2, SOX, FISMA, NIST, FFIEC, HIPAA, PCI, ISO 27001

We can even stick around during the actual Audit to act as a liaison with your auditor, to ensure a smooth process and the best possible outcome.

IT Audit

k2 offers deep experience in both Internal and External IT Auditing. We can partner with your Internal Audit or Compliance function to bring specific expertise or additional manpower to an Audit, or, from a Strategy Perspective, perform the Annual Risk Assessment, Audit Planning and Roadmap development.
In some cases we also partner with Big4 and other consulting firms to provide External IT Audit services.

Our value proposition: the Founder of k2 has experience in Big4 Audit, Internal Audit, as well as managing and transforming Security Programs as a CISO.