IT Compliance

Peace of Mind

In an increasingly complex regulatory environment, compliance risk management is essential, whether to meet statutory requirements, adhere to best practices in corporate governance, or reduce reputational risk. Our IT auditors can address any aspect of compliance, from financial audit and public company audit requirements to IT internal control validation and audits for businesses seeking to enhance their marketplace credibility.

We help hundreds of clients manage their compliance risk. Our IT auditors specialize in a variety of industries and hold credentials in a number of IT compliance disciplines. For example, many are certified Payment Card Industry (PCI) Professionals, PCI Approved Scanning Vendors, and PCI Qualified Security Assessors. In addition, we’re members of organizations such as the American Institute of Certified Public Accountants’ Assurance Services Executive Committee and its Trust/Information Integrity and SOC 2 task forces, the Cloud Security Alliance, and the Information Systems Audit and Control Association.

Solutions We Offer


Most companies with operations or customers in California will need to comply with new rules for collecting consumer information. Learn how to prepare.

The California Consumer Privacy Act (CCPA), passed in 2018, redefines how businesses must handle consumers' personal information. With the January 1, 2020 compliance deadline fast-approaching, businesses must take steps to prepare—or face steep fines for noncompliance.

Join us as we discuss how the new audit framework validates the state of a cyber-risk program, addresses the specific concerns of a broad audience of stakeholders, and complements other risk frameworks.

More and more companies are outsourcing services. Ideally, a third-party vendor would exert the same level of internal controls you would.

Learn what an information security governance program is and how to implement one to protect your business from cyberthreats.

Preparing for a SOC audit doesn’t have to be daunting or time consuming. During this webcast we will discuss how to determine which report (SOC 1, 2, or 3) and which type is appropriate for your organization, the nature of the controls to promote, the time commitment to anticipate, who should be involved, and how to assemble the requisite documentation.

Primary Contact