IT General Controls – Review of IT General Controls that are applied to applications, operating systems, databases, networks and supporting IT infrastructure. Some of the domains covered as part of the review include Policies and Procedures, Risk Assessment, User Access Management, Change Management, Backup and Recovery, Patch Management, End-point Security, etc.

ERP Controls review – ERP controls are critical to ensure the integrity of the application and its data. Some of the domains covered as part of the review include User Access Management, Privileged Account Management, Audit Logs, Change Management, Batch Processing, etc.

Attestation Readiness (SOC 1, SOC 2 and SOC 3) – SOC reporting provides assurance to customers and their auditors. SOC reporting is a great tool to demonstrate controls and provide comfort to your customers on the design and operating effectiveness of controls. As part of attestation readiness, our experienced team will perform an assessment, identify areas with potential gaps and provide recommendations. We will also go a step further to help you implement these controls and handhold you through the independent attestation process.

Segregation of Duties (SOD) design – An ineffective SOD design could be costly and may also lead to control weaknesses and fraud. Finstein has developed a complex methodology to identify SOD conflicts, evaluate the impact of SOD violations and redesign roles to ensure SOD is maintained.

ISO Certification Support – ISO 27001:2013 boosts an organization’s information security quotient, and the certification process can be tricky, involving enormous effort to define and implement policies. We will help you identify potential gaps and implement controls. We will also go a step further to handhold you through the certification process.