Has your organization been required to comply with international standards or to assess currently placed controls for overall improvement of policies and implementation?
Your organisation's financial and business data is vulnerable if too many people have access to system functionality, if monitoring is poor or if preventive controls are not in place.
Errors can creep into financial and business data and without the right detection and control mechanisms, they may not be found and corrected in time. A security and controls review can help make sure your financial and business data remains accurate, giving you the confidence to make the right decisions.
Regulators are increasing the pressure on organisations to make sure that their business processes are robust, particularly within finance systems. But this isn’t just about compliance. The accuracy of data and robustness of processes (and the controls around them) are critical to the success of an organisation, whether a regulator actively demands it or not.
Whether you’re implementing a new system and want to be sure that the security and controls are appropriate, or want to be confident that your existing processes and controls are effective, a review of business systems security makes sense. Most internal audit plans cover elements of auditing technology solutions but increasingly, systems security and control assurance demands specific technical knowledge.
The lack of a common risk language fragments the three lines of defense across the enterprise. This leads to preconceived conclusions and unsound management of risk.
With our IT risk and governance services, we can help your organization integrate risk management across your business units and gain untapped efficiencies with your current resources.
Perform readiness and gap assessment using the ISO standards, Information Security Management Systems (ISMS), the Code of practice for information security controls and Governance of information security.
Assist in the establishment and conduct of different business continuity activities, from business impact analysis to creation of various continuity plans, to help the organization achieve business resilience.
Assist in the conduct of information security risk assessment and risk treatment based on the company’s risk management framework.
Assignment of an ISO 27000 Lead Auditor exclusive to one organization who will report to a contact head and will assist the organization in policy reviews, operating manual development, assessments, and reporting for a set period of time.
Perform readiness and gap assessment using the National Institute of Standards and Technology CSF as the base framework.
Assist or conduct an assessment as an independent external assessor on the Customer Security Controls Framework (CSCF) mandatory and advisory controls.
Perform readiness and gap assessment to identify the organization’s preparedness and response effectiveness to the identified threats that may disrupt business operations, and provide necessary improvements to prevent, mitigate, and recover from these disruptions.
Perform assessments to ensure that information placed by an organization in the cloud is maintained with sufficient security controls, complies with contractual requirements, and is covered by appropriate vendor risk assessments that highlight the controls and contingency plans in place to prevent and address data breach or loss.
PwC partnered with a local commercial bank in conducting an ISO/IEC 27000 Information Security Management Assessment to improve currently placed policies and implementing procedures of the organization focused on information security.
A leading bank in Brunei engaged PwC to perform an ISO/IEC 27000 Information Security Management Assessment to assist them in reviewing policies, inform them of gaps found in the international standard, and resolve them accordingly.