For the next 30 days we will address questions about I.T. compliance … and how you can take the pain out of staying compliant. Do you have an I.T. compliance question you’d like us to answer? If so, we’d love to hear from you!
These questions may span across many compliance mandates, from PCI DSS, HIPAA, SOX, ISO and more; or they may be specific to a particular mandate like FERC or NERC.
Many of our answers will involve using our software to solve your problem, but we’ll also include other tips and tricks that we think are useful.We’ll approach this by asking, “What questions might you hear during a typical compliance audit, and how can you best (and most easily) answer them?”
So let’s kick off today’s question …
How do I prepare for a compliance audit?
As Benjamin Franklin famously said, “By failing to prepare, you prepare to fail.”
Preparing for a compliance audit should be part of everyone’s ongoing compliance process, not an end in itself. The recently implemented PCI 3.0 mandate describes payment card security as “part of business as usual, rather than a snapshot in time.” This is the right way to view compliance programs, as they can be used to help a business to increase their security maturity or prove competency at an existing level.
With that in mind, your audit preparation should have started sometime before the audit – possibly months or even years, depending on the compliance standard you are working on and the complexity of your environment.
Here are some of our favorite resources for getting a handle on audit preparation:
Surviving a Compliance Audit
Start to End: Keys to an Audit-Driven Corporate Compliance Program
Pre-audit planning: Four Keys to a Successful IT security Audit
10 Steps to Meet Data Compliance Audits
Audit management: Five Strategies to streamline the PCI audit process
PCI DSS Self-Assessment Questionnaire
10 Ways to Fail a PCI Compliance Audit
Tips for Passing a HIPAA Audit
HIPAA Omnibus Audit Preparation
5 Recommendations to Prepare for a HIPAA Audit
Preparing HIPAA Business Associates and Subcontractors for 2014 OCR audits
Passing a SOX Audit: Lessons Learned from an Information Security Professional
5 Ways to Prepare for a SOX Audit
Preparing for an ISO 9001 Certification Audit
Do you have a great resource that we should add to this list? If so, please tell us about it!