Policies Procedures and Practices Assessment (PPPA)

Ensures that documented IT policies and procedures, and the associated practices, are aligned with best practices and applicable regulatory requirements. Includes interviews with IT personnel and documentation review.


  • Policies and procedures review
  • Practices review
  • Gap analysis vs. best practices and regulatory requirements
    • Best practices
    • HIPAA
    • SOC2 / SSAE16 / SAS70
    • FISMA
    • ISO27002
    • NIST 800-53
    • CIPv5
    • PCI
    • GLBA
  • IT interviews
  • Documentation reviews


  • IT and security policies and procedures documentation
  • De facto practices
  • Access controls
  • Breach response
  • Change management
  • Operational controls
  • Technical controls
  • Compliance
