IONICA provides comprehensive security auditing, analysis, remediation, and consulting to bring your products into compliance.
Standards supported include:
CSE ITSG-22
CSE ITSG-38
SPIN
CyberSecure Canada
British Columbia Security Threat and Risk Assessment (STRA)
PCI-DSS
PIPEDA
PHIPA
HIPAA
SoX
Internal organisational standards
Process
Gather information – meet with stakeholders to learn which security standards are to be met, which environments are to be assessed, and the business motivation behind achieving said standards.
Coordination – schedule appropriate times for each type of audit activity to take place, gain required approvals from managers,
Perform audit – assess the security posture of environments and applications. Identify areas of potential improvement. Document environment characteristics.
Present findings – all findings are documented in a comprehensive formal report. The report is presented to the client, and each finding and recommendation is explained in detail.
Remediation planning – IONICA supports the business in determining which elements of infrastructure and applications are to be modified after the presentation of findings. A plan and schedule to execute remediation are drafted, working closely with the client to align activities with organisation operations and application development cycles.
Remediation – modify environments according to the remediation plan, based on the findings of the security assessment. Remediation measures can be undertaken by client staff, a development agency, or IONICA staff.