Security IV&V

Independent Controls Testing and Evaluation

 

Overview

Assura’s Cybersecurity Independent Verification and Validation (IV&V) services help clients to ensure that their Cybersecurity programs, IT systems, and IT applications have the correct management, operational, and technical controls to ensure security and compliance.

Understand Your Compliance and Security Posture

Assura leverages its technical and regulatory expertise to conduct an IV&V that is sized to the needs of each project. We then utilize a combination of tools and techniques to quickly and expertly assess each control. This ensures that the controls suite meets the security and compliance goals and objectives of the organization. Assura delivers the following with each IV&V:

  • Determination of IV&V boundaries
  • Controls Test Plan that identifies the controls within the scope of the IV&V to be tested and how they will be tested
  • Analysis with a quantitative benchmark score that measures compliance with regulations, internal policies and system-level security plans and baselines
  • Qualitative analysis and evaluation to ensure maximum control effectiveness
  • A comprehensive report and executive-level briefing documenting the results and recommendations of the IV&V team

Compliance Expertise

Assura’s security professionals are experts in compliance with laws, regulations and standards such as:

  • CJIS
  • COBIT
  • FERPA
  • FFIEC
  • HIPAA/HITECH
  • ISO 23001
  • ISO 27001/27002
  • ISO 31000
  • IRS 1075
  • NIST SP 800-53
  • NIST SP 800-37
  • PCI DSS
  • SOX
  • SSAE-16/SOC 2
  • State-level security standards and data protection laws

And of course every IV&V is backed by Assura’s unique AuditArmor™ Guarantee!