BKD’s IT reviews consist of an examination of the controls within your organization’s information technology infrastructure. This evaluation helps your company’s information system appropriately safeguard assets, maintain data integrity and operate effectively and efficiently to achieve your goals.
Our tested methodologies and techniques can help your organization comply with state, federal and international regulations and facilitate their integration with your technology processing and controls. Our services address the IT regulatory environments established by the Federal Financial Institutions Examination Council (FFIEC) and various laws including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Sarbanes-Oxley Act of 2002 (SOX).
A company’s risk assessment program is the foundation of its information security program. Some organizations require a risk assessment to be performed, while others may apply the risk assessment as a component of SOX compliance or internal audit activities.
Risk assessment is an ongoing process, but risks should be reassessed any time a new server is installed or new controls are implemented. Ideally, assessments should occur before changes are made. BKD IT Risk Services uses a risk-assessment process based on guidelines from the National Institute of Standards and Technology’s (NIST) Risk Management Guide for Information Technology Systems and the FFIEC’s Information Security Handbook. Assessment results are analytical reports that help you understand the risks to your organization’s information system.
Addressing the many compliance issues surrounding information processed through ATMs and POS terminals is no simple task. BKD professionals can help you evaluate your financial institution’s technical, operational and security-related policies and procedures.
Our TR-39 certified auditors have the tools to help you evaluate vulnerabilities in storage and encryption. Areas you should look to protect include customer PINs as well as PIN and key encryption keys. Our team can help you test and document for PIN Security compliance and key management.
The Pulse and STAR networks require all processing members to comply with a TR-39 audit every two years, and the NYCE network requires the same of all directly connected processing members.