For the next 30 days we will address questions about I.T. compliance … and how you can take the pain out of staying compliant. Do you have an I.T. compliance question you’d like us to answer? If so, we’d love to hear from you!
These questions may span across many compliance mandates, from PCI DSS, HIPAA, SOX, ISO and more; or they may be specific to a particular mandate like FERC or NERC.
Many of our answers will involve using our software to solve your problem, but we’ll also include other tips and tricks that we think are useful. We’ll approach this by asking, “What questions might you hear during a typical compliance audit, and how can you best (and most easily) answer them?”
So let’s kick off today’s question …
How do I prepare for a compliance audit?
As Benjamin Franklin famously said, “By failing to prepare, you prepare to fail.”
Preparing for a compliance audit should be part of everyone’s ongoing compliance process, not an end in itself. The recently implemented PCI 3.0 mandate describes payment card security as “part of business as usual, rather than a snapshot in time.” This is the right way to view compliance programs: they can be used to help a business increase its security maturity, or to prove competency at an existing level.
With that in mind, your audit preparation should have started sometime before the audit – possibly months or even years, depending on the compliance standard you are working on and the complexity of your environment.
Here are some of our favorite resources for getting a handle on audit preparation:
Surviving a Compliance Audit
http://searchwindowsserver.techtarget.com/news/1249789/Surviving-a-compliance-audit
Start to End: Keys to an Audit-Driven Corporate Compliance Program
http://searchcompliance.techtarget.com/tip/Start-at-the-end-Keys-to-an-audit-driven-corporate-compliance-program
Pre-audit planning: Four Keys to a Successful IT security Audit
http://searchsecurity.techtarget.com/tip/Pre-audit-planning-Four-keys-to-a-successful-IT-security-audit
10 Steps to Meet Data Compliance Audits
http://searchstorage.techtarget.com/report/Ten-tips-to-meet-data-compliance-audits
Audit management: Five Strategies to streamline the PCI audit process
http://searchcompliance.techtarget.com/tip/Audit-management-Five-strategies-to-streamline-the-PCI-audit-process
PCI DSS Self-Assessment Questionnaire
https://www.pcisecuritystandards.org/merchants/self_assessment_form.php
10 Ways to Fail a PCI Compliance Audit
http://www.darkreading.com/management/10-ways-to-fail-a-pci-audit/240004877
Tips for Passing a HIPAA Audit
http://www.onlinetech.com/resources/e-tips/hipaa-compliance/tips-for-passing-a-hipaa-audit
HIPAA Omnibus Audit Preparation
http://www.healthcareinfosecurity.com/hipaa-omnibus-audit-preparation-a-5678
5 Recommendations to Prepare for a HIPAA Audit
http://www.fiercehealthit.com/story/5-recommendations-preparing-hipaa-audit/2013-08-22
Preparing HIPAA Business Associates and Subcontractors for 2014 OCR audits
http://healthitsecurity.com/2013/11/14/preparing-hipaa-bas-subcontractors-for-2014-ocr-audits/
Passing a SOX Audit: Lessons Learned from an Information Security Professional
http://searchdatamanagement.techtarget.com/tip/Passing-a-SOX-audit-Lessons-learned-from-an-information-security-professional
5 Ways to Prepare for a SOX Audit
http://searchoracle.techtarget.com/tip/Five-ways-to-prepare-for-a-SOX-audit
Preparing for an ISO 9001 Certification Audit
http://alexanderwillox.hubpages.com/hub/Preparing-for-an-ISO-9001-certification-audit
Do you have a great resource that we should add to this list? If so, please tell us about it!