Policies, Procedures & Practices Assessment (PPPA)

Illumant reviews the client's body of IT security policies and procedures and compares them with industry best practices and regulatory compliance objectives. The PPPA includes:

  • Review of the client's security policy and practice documentation against best practices in security management
  • Interviews with the client's management and staff to gauge awareness of, and compliance with, corporate security policies and best practices
  • Recommendations for establishing an information security program built on those best practices

The PPPA identifies organizational vulnerabilities that technical security measures do not mitigate, while assessing compliance with relevant regulations, including the Gramm-Leach-Bliley Act (GLB). In 1999 Congress passed GLB and required the regulatory agencies, such as the FDIC, FRB, OCC, and NCUA, to develop security standards, including requirements for security policies, security measures, and annual assessments. The PPPA provides a gap analysis relative to those regulatory requirements and to best-practice frameworks such as ISO 17799 and Control Objectives for Information and related Technology (COBIT), together with practical recommendations for remediating the gaps found.

More specifically, the PPPA examines, among other areas, employee training and management, backup and disaster recovery procedures, separation of duties, incident response, administration of access controls, intrusion detection and log monitoring, customer communication, and application and system development. During the assessment, Illumant interviews key personnel to establish the client's de facto policies, procedures, and practices; collects and reviews the associated documentation; and performs a gap analysis against industry standards and best practices such as ISO 17799 and NIST guidance. The resulting analysis is documented in a report that provides specific and actionable remediation advice.
