Policies and Controls Testing


Policies Testing

Policies are effective only if they meet the following criteria:


Unfortunately, policies and procedures in many organizations mean nothing more than MS Word files stored in shared drives and opened only at the time of audits. The real benefits of a formally implemented policy are rarely accrued.

SISA helps organizations to ensure that their information security policies and procedures are actually achieving their intended objectives.  The following is a brief description of our approach to Policies Testing:


Controls Testing

Security is only as effective as the controls implemented. Controls can be of any of the following types: Physical, Technical and Administrative. These are further classified as Preventive, Detective and Corrective controls.

Controls testing, therefore, calls for a unique set of skills and expertise that includes:

 SISA can help you with this. Our approach to Controls Testing consists of