What can an Information Security Program Audit do for our organization?

An information security program audit (ISPA) is a type of compliance audit that identifies potential cyber security gaps. It also provides guidance on implementing the State Administrative Manual (SAM) Chapter 5300 including referenced Statewide Information Management Manual (SIMM) procedures and NIST Special Publication 800-53 security and privacy controls. Often times, third party guidance is helpful in highlighting known issues through findings and observations. Audit results may provide needed pathways to resource acquisition or additional funding.