Information Assurance

With cyber attacks and data breaches dominating today’s business headlines, management teams are being challenged to develop a defensible approach to information risk management. At Aprio, our mission is to help our clients improve their risk management programs while delivering higher-quality reports with less business disruption. Too often, information security professionals lose sight of whether the reports they are producing support their clients’ risk management needs and effectively represent their clients’ risk management programs. Our pragmatic approach harmonizes audit and compliance protocols to make effective, sustainable risk management and reporting easier to achieve.

Contact Dan Schroeder to learn more about our Information Assurance Services.

To view our accreditation certificate, click here.

To file a confidential complaint or appeal, please send an email to Jeff Grosoff with “ISO 27001 Complaint” or “ISO 27001 Appeal” in the subject line.

Aprio Information Assurance Services (IAS) is a practice of Aprio, LLP, an independent CPA and professional services firm. We are performing this engagement as an independent professional service provider. We are aware of no relationships between the partners of Aprio, LLP or the IAS engagement team and the Company’s management, shareholders, board members or fiduciaries that would impair our independence. Aprio conducts new client acceptance procedures for the firm; for potential new IAS clients, IAS management does not participate in the decision making, in order to maintain our independence.


Risk Analysis

We begin with a thorough understanding of your company’s digital assets – critical groupings of data and processes that could harm the business if they were compromised. Working side-by-side with your team, we uncover the most significant risks to these valuable information assets.

GAP Assessment

We determine whether current information risk management activities are appropriate, given your company’s risk appetite and tolerance. We measure your activities against relevant aspects of leading security standards, such as ISO 27001.

Risk Management

By focusing on the value at risk, we enable you to maintain baseline information security controls that protect the majority of data and systems while selectively investing in advanced security measures to protect higher-value digital assets.

Assurance and Certification

We deliver independent and objective attestation reporting to provide an added level of assurance that controls are designed suitably and are operating effectively. Our monitoring and attestation services include PCI DSS, ISO 27001, SSAE16/SOC 1, SOC 2, EI3PA, agreed-upon procedures and internal audit co-sourcing.
