Preparing for the Outside Auditor with Regular Monitoring

Does your business get audited by outside agencies? If you handle sensitive data, such as customer credit card numbers or patient health information, there’s a good chance you do. And the approach of auditors probably fills most IT professionals with a certain amount of dread. Cue Blue Öyster Cult’s “(Don’t Fear) The Reaper.”

TechTarget’s SearchSecurity recently posted an article to take some of the fear out of the auditor’s visit, “Pre-audit planning: Four keys to a successful IT security audit.” Author Steven Weil, a senior security auditor, offers advice for making audits both useful and as painless as possible for the auditor and the IT team (and by extension, the business). However, the one point Weil doesn’t mention under “Advance preparation” is that your organization should have regular self-monitoring in place.

Using a solution such as Netwrix Auditor will make visits from the auditor less of a burden. In addition to giving you early warning of potential compliance problems, so you can address these issues before an auditor ever sees them, monitoring your environment’s configuration should allow you to produce the necessary information or reports when the auditor is present. If nothing else, you’ll have the peace of mind of knowing how you’re doing before it becomes necessary.

Weil makes one point in his article that I think is worth reiterating, and that is: It’s OK to say, “I don’t know.” Many people, particularly in stressful situations such as an audit or a job interview, feel like they have to provide an answer, even if they don’t really know the information. Rather than giving a weak or dishonest answer, you’ll find yourself in a much stronger position if you say, “I don’t know, but I can find out that information for you.”

In the case of an audit, that required information will be much easier to find if you’re running a reliable monitoring solution. In fact, you’ll probably find yourself even less likely to be in the position to answer with “I don’t know.” So, check out Netwrix Auditor, and read this article to see what else you can do to prepare for those visits from the auditor.