assess...educate...advise
DoR/MoU Response Strategy: making sense of it all
Regardless of whether the IT portion of your exam resulted in primary findings with required completion dates or secondary findings that require action at your own pace, a strategy to address those findings is the first step in remediating them. We have frequently found that our clients weren't really missing everything; they just couldn't produce what was required because they didn't adequately prepare for their exam for any number of reasons (lack of resources, turnover, etc.).
R.I.S.C. Associates takes a 7-step approach to addressing DoRs and MoUs:
1) Assess the Letter to determine whether there are conflicts or redundancies, or whether clarifications are required
2) Determine the interdependencies of the findings
3) Develop a response plan that can be submitted to the Board or Supervisory Committee as well as the examiner if required
4) Develop a project plan
5) Conduct status meetings and generate a Management Report
6) Provide a Centralized Tracking Document for all information security regulatory requirements
7) Stand by your side as an Independent 3RD PARTY ADVISOR when the examiner returns