Audit and Assessment
With over 15 years’ experience of passionately performing financial, security and compliance audits, our services are geared towards ensuring that our clients successfully align themselves with the essential laws and regulations.
Cadra specializes in the following audits and assessments:
FedRAMP/FISMA (NIST 800-53):
The Federal Risk and Authorization Management Program (FedRAMP), as well as the Federal Information Security Management Act (FISMA) related security assessments ensure that your organization adhere to federal guidelines. Our team at Cadra is here to help you reach your FedRAMP and FISMA authorizations. We assist with package creation by performing a gap assessment and technical writing, including a System Security Plan (SSP), Plan of Action and Milestones (POA&M), and the required policies, procedures, and plans.
CMMC (NIST 800-171):
Cybersecurity Maturity Model Certification (CMMC) represents a framework that demonstrates how information systems and policies should be created to protect Controlled Unclassified Information (CUI) as required by the Department of Defense (DoD). As experienced cybersecurity professionals, we assess the organization’s control protocols by interviewing your staff, reviewing network diagrams, policies and procedures and ensuring that your processes match your procedures. Our thorough assessments ensure that you are compliant with regulatory standards.
SOC1/SOC2:
The System and Organizational Control (SOC) reports, once obtained, distinguish the services your organization provides as it establishes the efficiency and effectiveness of your control system. This gives your clientele unshakable confidence in your business’ security posture.
With our 15 years of experience, we’ve helped teams seamlessly move through the process of becoming SOC compliant through project plan development, assistance with evidence gathering and organization to provide the auditor with the required deliverables. When documentation requires updating to meet the compliance standard, and/or gaps are found during the evidence gathering process, our team works with you to address these gaps and remediate to ensure compliance.
ISO 27000/27001:
The International Organization of Standardization (ISO) shows your customers the level of your integrity meeting contractual agreements, your maturity and technical formidability of the information security environment and your Information Security Management System (ISMS) compliance. This is a common standard across the industry that gives your company an edge against your competitors.
