What is an Administrative Controls Assessment?
Administrative controls are the backbone of your information security program. Administrative controls provide the governance, the rules, and the organization’s expectations as to how information is protected.
An administrative security controls assessment identifies and measures gaps in your security policies, processes and procedures. It also measure how well you comply with your documented security policies.
Administrative security controls are included in any of our full assessments and are critical to any robust information security program. All security compliance requirements (HIPAA, FDA, ITAR, PCI, etc.) require documented security governance and “regular” assessment of that governance.
Why would I want this?
There are multiple reasons:
- Regulatory compliance requiring a security assessment
- A customer is requiring one
- You’ve seen high profile breaches on the news and wonder how secure your IT environment really is
What makes Gratia, Inc. different?
There are many significant value propositions that our clients realize. Examples include:
- Gratia, Inc.’s Methodology – Gratia, Inc. has developed a proprietary approach to assessing information security risks. It’s more than a checklist of questions and recorded answers. Our approach gives you a full picture of your risks – prioritized and rated – with recommended solutions, so you know which security investments will have the greatest impact.
- Full Transparency – Gratia, Inc. strongly believes in empowering our customers. The more knowledge transfer that occurs during our engagement, the more value our customers recognize. Gratia, Inc. fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.
- Product Agnostic – Gratia, Inc. does not represent any third-party products or services; on purpose. Our projects and recommendations stand on their own, with no ulterior motive to sell you things you don’t really need.
What are the deliverables I should expect?
We consistently get great feedback on our reporting style. Gratia, Inc. has spent years developing reports that communicate assessment results in clear, easy to digest ways, that are appropriate for both technical and non-technical audiences. Typical deliverables out of an information security assessment include:
- Executive Summary Report
- Full Report
- Action Plan and/or Road Map
What does an Administrative Controls assessment cost?
At Gratia, Inc., every project is custom designed for our clients. We take into account your organization’s size, complexity, industry, compliance requirements, and most importantly, your actual needs. Because of our tailored approach, all you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.