• Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Penetration Testing
      • Privileged Access Management
      • Social Engineering – End User Security Training
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Review
      • SHIELD for Small & Medium Business
    • IT Government Compliance
      • CMMC
      • DFARS Compliance
      • FTC Safeguards Virtual CISO
  • Industries
    • Financial Services
    • Government
    • Enterprise
    • Auto Dealerships
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

Call us today! 844-OCD-TECH

Find our Location
OCD TechOCD Tech
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Penetration Testing
      • Privileged Access Management
      • Social Engineering – End User Security Training
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Review
      • SHIELD for Small & Medium Business
    • IT Government Compliance
      • CMMC
      • DFARS Compliance
      • FTC Safeguards Virtual CISO
  • Industries
    • Financial Services
    • Government
    • Enterprise
    • Auto Dealerships
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

IT General Controls Review

Home ServicesIT General Controls Review

Hacking is on the rise. Ransomware is everywhere. You cannot afford to lose your business because of a default password or forgetting to patch a desktop.  

But, we have seen this happen again and again.

Threats come from multiple sources: the insider employee or the outsider agents via the Internet. All software and hardware have inherent vulnerabilities. OCD Tech can test your security posture and provide you with the information needed to make appropriate decisions to mitigate risk, and decrease exposure to these threats.

IT General Controls Review – Technology is key to supporting your business processes. We will review the policies, procedures and activities that contribute to your controls. These can include infrastructure configuration, change and patch management, virus and malware coverage, and user account security.

Contact Us

IT General Control Review Areas

In Massachusetts, a Written Information Security Program is required (WISP)

Data Security Regulations (201 CMR 17.00 et seq.)

  • Identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of PI in any form.
  • Develop, implement, maintain & monitor a comprehensive, Written Information Security Program (WISP) establishing safeguards against data breaches.
  • Maintain minimum computer security systems (firewalls, updated virus definitions and patches, password management protocols, etc.).
  • Encrypt all records containing PI transmitted across public networks or wirelessly, and as stored on laptops and other portable devices.
  • Oversee service providers and require by contract to implement & maintain safeguards to protect and secure PI.

Desktop and Server Configuration

  • Network scan to identify suspect devices
  • Anti-Virus/Malware coverage
  • Software firewall configuration
  • Windows program installation
  • Password policies (default passwords)
  • Application/Security event logging configuration and retention
  • Windows desktop local administrator group membership
  • Security patch levels for the operating system and web browser

Wireless WiFi

  • Still using WEP?  Or worse, no encryption at all?
  • Have vendor default passwords been changed?

Backups

Backup technologies are stored appropriately and any confidential data is encrypted

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Send Message
OCD Tech logo Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
– SOC 2 ® Readiness Assessment
– SOC 2 ®
– SOC 3 ®
– SOC for Cybersecurity ®

IT Advisory Services
– IT Vulnerability Assessment
– Penetration Testing
– Privileged Access Management
– Social Engineering
– WISP
– General IT Controls Review

IT Government Compliance Services
– CMMC
– DFARS Compliance
– FTC Safeguards vCISO

Industries

  • Financial Services
  • Government
  • Enterprise
  • Auto Dealerships

© 2024 — OCD Tech: IT Audit - Cybersecurity - IT Assurance

  • OCD Tech
  • About Us
  • Contact Us