The “Huge Value” of Consolidating Your Cybersecurity Audits | Pivot Point Security
Last Updated on September 16, 2020
If that applies to your company, consider the benefits of consolidating your cybersecurity audits so they happen at the same time with one registrar/audit firm.
Streamline your activities to save considerable time and money.
“If I can go to one auditor versus six auditors, I think that’s a huge value proposition,” said John Verry, Pivot Point Security’s CISO and Managing Partner, on a recent episode of The Virtual CISO Podcast. John’s guest was Ryan Mackie, Principal and ISO Practice Director at leading audit firm Schellman & Company. Both John and Ryan are certified ISO 27001 Lead Auditors.
“We’ve designed our services to be able to meet that, so we’ve got cross-trained team members for ISO 27001, SOC 2, FedRAMP, PCI and everything else,” notes Ryan. “Especially with ISO 27001, when we do have the control set in play, there’s so much commonality between just the basics there. So if we can use somebody doing a SOC 2 audit that’s ISO trained, all the testing that they do for SOC we can apply to ISO.”
“If you’re preparing for one external audit that’s going to cover everything-the amount of time that you take away from your control and process owners, the reporting, a consolidated findings document…,” Ryan replies. “And so it’s so much easier to have that (and I hate to say it) one neck to choke.”
With third-party consultants, the time/cost benefits are similar. For example, Pivot Point Security frequently performs consolidated internal audits that cover ISO 27001 and SOC 2, or ISO 27001 and PCI, etc.
If your company is preparing for (or contemplating) an ISO 27001 audit, the episode of The Virtual CISO Podcast with Ryan Mackie will be of enormous value to you.
Originally published at https://www.pivotpointsecurity.com on September 14, 2020.