We are assessment professionals. We are IT professionals. We are Auditwerx.
Auditwerx is headquartered in Tampa, Florida. We have served clients throughout the U.S. and internationally since 2009, providing over 3,500 security compliance reports. As a division of Carr, Riggs & Ingram Capital, LLC (CRI), a top 25 accounting and advisory firm, our clients receive the resources, skills and experience of a much larger firm, but with the accessibility and attention of a smaller, niche, boutique firm.
From start-ups to larger established organizations, we partner with clients of all sizes in a variety of industries, including:
Auditwerx is dedicated to offering the highest quality compliance reporting services. Our team is dedicated to exceeding your expectations with our policy of mutual respect and transparency.
Partnering with our team means that your company’s compliance initiatives are in experienced hands. Our team of assessors and cybersecurity advisors consists of highly specialized professionals, including Certified Information Systems Security Professionals (CISSPs) and Certified Information Systems Auditors (CISAs).
We can deliver the technical IT and assessment skills needed to clearly relay technical information to both the IT department and management. We are a true partner to our clients, building productive, long-term relationships that you can count on for years to come.
STACY MARTIN
PARTNER IN CHARGE, CHIEF EXECUTIVE OFFICER
Stacy has over 19 years of professional assessment experience in both financial reporting and internal control attestation services of companies in various industries including software and technology, healthcare, employee benefit administration, manufacturing, and various service industries. Stacy has extensive experience in the design of operational control environments and assessing the effectiveness of internal controls in various operating environments, and in performing privacy assessments. She has been involved with over 1,000 SOC* engagements with Auditwerx and is certified in applying the 2013 COSO Internal Control – Integrated Framework and has the Advanced SOC for Service Organizations Certificate.
For the past 8 years, she has focused on the growth of Auditwerx and adding security compliance services for our clients.
BRIDGET BOSWELL
PARTNER
Bridget has more than 20 years of professional assessment experience in both financial reporting and internal control assessments. Her industry expertise includes the software and technology, construction, manufacturing & distribution, service, and not-for-profit sectors.
For the past 6 years, Bridget has specialized in SOC 1®* and SOC 2®* engagements for service organizations, assessing operational control environments and evaluating the effectiveness of internal controls. She has extensive experience with assessing employee benefits administration clients.
In addition, Bridget has performed multiple HIPAA assessments and various other attestation engagements to meet her clients needs.
Our virtual assessment process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our assessment engagement virtually and in real time. This is neither a “remote assessment” nor a “desk review,” both of which often involve electronic file transfers and little interaction with management. Instead, the virtual assessment includes dialogue with process owners virtually, captures and shares information electronically, and integrates technology seamlessly. We also offer the possibility of performing a hybrid assessment, whereby we reduce our on-site presence by supplementing it with virtual resources.
Our goal is to provide you with the same high-quality assessment services through more focused planning, with reduced distraction, and at a more cost-effective price point. Our virtual assessment process provides you with more access to our specialists involved in your assessment – regardless of your location.
Auditwerx utilizes a web-based, third-party, Engagement Management Platform (EMP). This solution acts as a secure portal that provides project completion and deadline driven status of the requests needed to complete the testing. This tool provides great clarity to clients in where the process is and what items are outstanding. The portal is inter-active and provides a messaging center and restriction of access to specific requests to authorized users.
This intuitive solution standardizes the information collection process, enhances client experiences while securely exchanging the necessary information and automatically managing workflow. Our proven process increases efficiencies, in a secure platform that enhances the client experience.
One of the most frequent gaps I see during PCI DSS assessments is not a missing firewall rule or an unpatched system—it’s misidentifying service providers. Even mature organizations often misunderstand who qualifies as a PCI DSS service provider and which vendors are security impacting.
For defense contractors handling Controlled Unclassified Information (CUI), achieving CMMC Level 2 Readiness is the critical hurdle. This guide provides a strategic framework for ensuring your organization is prepared for the transition from self-attestation to verified assessment.
Let’s be honest: system and application accounts aren’t exactly the life of the party. They do their work quietly behind the scenes, much like the custodians who keep the real world running smoothly. But when it comes to PCI DSS 4.0.1 requirements—specifically 7.2.5, 7.2.5.1, and 8.6.1 through 8.6.3—these digital custodians become the stars of the security show. Ready for a quick, fun, and informative stroll through these must-know controls? Grab your metaphorical flashlight; we’re heading into the vault!