Assesment and Review Services

​

IT Security and Controls Assesment

​

A key component of your organization’s IT risk management program is the monitoring the effectiveness of its IT controls deployed by your organization.  This can be accomplished by conducting assessments against various frameworks, for example, Center for Internet Security (CIS), or National Institute of Standards and Technology (NIST) Cybersecurity Framework.  Purvis Gray can conduct IT security and controls assessments, utilizing an acceptable framework, and report the results to Management in a form that is both strategic and understandable.

​

In addition, to performing the SOC Examination, Purvis Gray can work with your organization to prepare a SOC readiness assessment which is often recommended for organizations prior to undertaking their initial SOC examination.

​

IT Security Reviews​

​

Areas of Review Include: 

​

• Networking and Data Security 

• Computer Security 

• Information Systems Policies and Procedures

​

HIPPA Security Assesments

​

A HIPAA security assesment evaluates your organization's security and compliance posture against the safeguards specified in the HIPAA Security Rule. 

​

Information Security Policy Development

​

Information Security Policies specify management's intent and expectations for the protection of information and the systems on which it resides, the secure and effective operation of computer systems, and other information sercurity requirements. 

​

Information Security Risk Assesment 

​

Purvis Gray can facilitate your organization’s Information security risk assessment.   An information security risk assessment is a process of identifying the cybersecurity threats an organization faces, determining the risk of exposure to each threat, and providing the results to company leadership.  Risk assessment results should effectively facilitate decision-making regarding the allocation of resources to protect systems and data deemed most critical against real and perceived threats.

 

Security Incident Response Program Development & Testing

 

 An incident response plan includes documented policies and procedures governing your organization's response to security, environmental, or other incidents. Purvis Gray can assist you in developing your incident response program and facilitate testing the effectiveness of the plan.

​

Disaster Recovery Plan Consulting (including Business Impact Analysis)

​

Purvis Gray can assist your organization in  preparing  an effective disaster recovery (DR) plan which includes documented policies and procedures your  organization would follow for the recovery and protection of IT infrastructure and data assets in the event of an environmental and/or facility disaster.