Regulatory Compliance

Proactive, cost-effective security with a business focus
 

Compliance Audit

NWN provides both assessment and audit services related to regulatory compliance.  Both are designed to help customers identify where they stand with respect to regulatory compliance and will result in a prioritized set of recommendations created to achieve compliance as efficiently as possible.

NWN STAR’s compliance audit services involve formalized testing of controls.  Such testing is typically performed according to the following process:


(1)    Identification of control objectives - may be defined by the regulation, by the client or in conjunction with NWN


(2)    Identification of key controls - may be defined by the regulation, by the client or in conjunction with NWN


(3)    Development of a test plan for each key control - test plans will factor in the type of control, the frequency of control implementation and the type of evidence available.  Tests will generally involve the following:


        - Inquiry: Inquiries seeking relevant information or representation from appropriate client personnel

        - Observation: The application or existence of specific controls, as represented, is observed

        - Inspection: Documents and records indicating performance of the control are inspected

        - Re-performance: The control procedure is re-performed to verify that consistent and accurate results


(4)    Execution of the test plan including collection of evidence


(5)    Documentation of testing results whereby each control receives either a pass or a fail score

Compliance Assessment

NWN STAR’s compliance assessment services provide a set of findings and recommendations that is similar to the compliance audit, but without formalized test plans and pass/fail results.  A compliance assessment leverages the testing performed during NWN’s Core Risk Assessment, combined with any regulation-specific testing, to develop a qualitative understanding of the state of overall compliance.  The results of the assessment will be highlighted in a document detailing, for each control specified by the regulation, the state of that control and prioritized recommendations for remediation.