NCSC Audit and Review
The IT Governance NCSC Audit and Review is an in-depth and detailed evaluation of an organisation’s cyber security posture in relation to its compliance with UK government security objectives, policies, standards and processes.
Recognised and approved by the NCSC under the Certified Cyber Security Consultancy scheme, the Audit and Review consultancy is designed to provide public and private organisations with an audit of their compliance readiness in relation to the standard for which they seek accreditation. In other words, this consultancy service is a risk- and compliance-based audit.
Responding to your needs
The objective of our Audit and Review service is to assist clients by providing independent risk- and compliance-based audit assessments of their organisation’s compliance with HMG security objectives, policies, standards and processes such as HMG Security Policy Framework (SPF), National Cyber Security Strategy, HMG IA Maturity Model (IAMM), and other relevant schemes, regulations and standards, such as the EU Directive on the security of networks and information systems (NIS Directive), ISO 27001, Cyber Essentials, 10 Steps to Cyber Security, Cloud Security Principles and the Payment Card Industry Data Security Standard (PCI DSS).
For whom is it designed?
The NCSC Audit and Review consultancy service from IT Governance is primarily designed for public sector and critical national infrastructure (CNI) organisations of any size that require independent risk- and compliance-based audit assessments. It is also beneficial for private-sector organisations that seek to provide a high level of assurance and instil confidence among their public-sector customers and stakeholders.
What the service delivers
You will receive consultancy support and advice on:
- Verifying that information processes are in line with security policy criteria and procedural requirements;
- Defining and implementing processes and techniques to ensure ongoing compliance with security policies, standards, and legal, regulatory and contractual requirements;
- Carrying out security compliance audits in accordance with an appropriate methodology, standard or framework;
- Providing impartial assessment and audit reports covering security compliance audits, investigations and information risk management;
- Providing an independent opinion on whether your organisation is meeting information assurance control objectives;
- Developing audit plans and audit regimes that match your organisation’s business needs and risk appetite;
- Identifying your organisation’s systemic trends and weaknesses in security;
- Recommending responses to audit findings and appropriate corrective actions;
- Recommending appropriate security controls;
- Assessing the management of information risk across the organisation or business unit;
- Recommending efficiencies and cost-effective options to address non-compliance issues and information assurance gaps identified during the audit process; and
- Objectively assessing the maturity of an existing information auditing function using cross-government benchmark standards.
Depending on the type of audit and review engagement, the audit will focus on one or a combination of the following policies, standards and frameworks:
- HMG Security Policy Framework
- NCSC Policies and Guidelines
- 10 Steps to Cyber Security
- 20 Critical Controls for Cyber Defence
- IA Maturity Model
- 14 Cloud Security Principles
- EU General Data Protection Regulation (GDPR)
- NHS Information Governance (IG) Toolkit
- NHS DCB 1596 Secure Email Standard
For more information on how IT Governance can help with your cyber security audit, please contact us using the methods below.