Building an Audit and Assessment Program

An effective Audit and Assessment Program will allow you to identify your CurrentState of security, so that you can develop a roadmap to get to your DesiredState.

Based on regulatory requirements and your organization's resources, it may become necessary to implement an internal Audit and Assessment Program. SecureState has experts in PCI, Privacy, NERC CIP, ISO 27001, HIPAA, TR-39, SAS 70, SOX, and GLBA who can help develop a tailored Audit and Assessment Program for your organization.


An internal Audit and Assessment Program will ensure that your organization is engaged on all regulatory requirements and maintains continual compliance.


SecureState has experience performing audits and developing audit programs for PCI, Privacy, NERC CIP, ISO 27001, HIPAA, TR-39, SAS 70, SOX, and GLBA.

Detailed Approach

SecureState begins program building by performing an assessment of the environment to determine the current state of the audit program and developing a prioritized list of tasks that align with business goals. We will then conduct a facilitated Whiteboard Session with key resources at your organization to identify applicable regulatory requirements, compliance frameworks, compliance scope, and roles and responsibilities.

SecureState will then develop a governance structure and associated policies that map your current organization to a relevant compliance framework. This will include identifying Audit and Assessment roles and responsibilities, developing assessment timeframes and milestones, and scheduling regular leadership meetings.
