IONICA provides comprehensive security auditing, analysis, remediation, and consulting to bring your products into compliance.
Standards supported include:
- CIS Benchmark, levels 1 and 2
- CyberSecure Canada
- Security Policy Implementation Notice (SPIN)
- British Columbia Security Threat and Risk Assessment (STRA)
- PCI-DSS
- PIPEDA
- PHIPA
- FIPS 140
- DISA-STIG
- HIPAA
- SoX
- CSE ITSG-22
- CSE ITSG-38
- Internal organisational standards
Process
Gather information – meet with stakeholders to learn which security standards are to be met, which environments are to be assessed, and the business motivation behind achieving said standards.
Coordination – schedule appropriate times for each type of audit activity to take place, gain required approvals from managers,
Perform audit – assess the security posture of environments and applications. Identify areas of potential improvement. Document environment characteristics.
Present findings – all findings are documented in a comprehensive formal report. Report is presented to client, where each finding and recommendation is explained in detail.
Remediation planning – IONICA supports the business in determining which elements of infrastructure and applications are to be modified after the presentation of findings. A plan and schedule for executing remediation are drafted, working closely with the client to align activities with the organisation's operations and application development cycles.
Remediation – modify environments according to the remediation plan, based on the findings of the security assessment. Remediation measures can be undertaken by client staff, a development agency, or IONICA staff.