Monitoring and Audit
Implementing appropriate security and privacy safeguards is not sufficient on its own. Ongoing monitoring and audit are required to ensure that the established security and privacy profiles remain intact. Further, as the business area, best practices, the environment and technology change, the safeguards in place must be revalidated to confirm that they are still adequate.
Monitoring and audit must be done over the complete life cycle of an IT system: from the conceptual phase, through design, development and implementation, and throughout the entire operational life. In some instances, it also extends into the phase-out period.
Where system security certification and accreditation have been achieved, the problem is much simplified. However, where the process is less rigorous, a real challenge exists. Monitoring and audit can only be done properly where a complete framework exists. If the policies, standards, best practices and methodologies are not established, then there is no benchmark or baseline for comparison. If the baselines do not exist, PDR Global consultants can help establish these demarcation points.
PDR Global Inc. can be called upon to assist with security program reviews, the completion of Threat and Risk Assessments, cross-certification studies, Public Key Infrastructure (PKI) Certification Authority (CA) audits, Privacy Impact Assessments (PIAs), and security assessments against established security policies, standards or best practices to establish compliance. This will assist organizations in minimizing their risk or exposure.