Service Delivery and Support – The IT Infrastructure Library (ITIL) comprises recognised best-practice in areas such as incident management, problem management, change management, release management, configuration management (see below) and the service desk; also service level management, capacity management, availability management and IT continuity management. We can assist in the implementation of an ITIL-compliant function, or perform reviews in each of these areas.
Configuration Management – Physical and logical architecture of internal networks, platforms, hardware, software, security components, source code management or revision control, test environments, test documentation, databases, and applications.
Application Audit – Perform a specific audit of a single application. Application audits can also pertain to a business process that relies on multiple IT systems. We typically examine controls in administration, inputs, processing, outputs, etc.
IT Infrastructure Audit (operating systems, databases and network) – Assessment of logical access, data protection, interfaces, data transmission etc.
IT Audit – Kingston Smith Consulting can perform the entire process of collecting and evaluating evidence of an organisation's information systems, practices, and operations; or supplement an existing function. We use COBIT as recognised best practice control objectives.
Regulatory Audits – We work with the client organisation to define the scope of the survey, then we assist you to evaluate a programme fairly against relevant legal and regulatory requirements. We have staff experienced in Sarbanes Oxley, Data Protection Act, Basel II, MiFID, HIPAA, amongst others.
SAS70 Assessment – Reviewing of contracts, procedures, controls regarding the transaction processing of a service organisation. If you need to prepare a SAS70 we can develop the document, identify control gaps and help you remediate them. For an existing SAS70 we can act as the independent auditor performing the required testing and issuing the audit report.
PCI – Evaluation of compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Such compliance is designed to assist organisations handling credit card data to protect themselves against the threat of security breaches. We can assist with PCI scoping to help limit the amount of work needed to be performed and provide assistance with the completion of Self Assessment Questionnaires for smaller organisations.
ERP – We work with industry-standard enterprise resource planning packages eg SAP, Oracle, etc and can provide consulting and audits related to these ERP packages.
End-User Computing – Reviewing the controls associated with technology outside the traditional IT environment, especially assurance over critical spreadsheets etc.
