INTERNAL CONTROL & DATA SECURITY AUDITS

Auditwerx can help your organization meet the specific data security requirements your clients demand.

Internal Control and Data Security Audits
Internal Control and Data Security Audits

Get started today

Internal Control and Data Security Audits

Do you have the appropriate controls in place?

Florida agencies, such as the Florida Highway Safety and Motor Vehicles (FLHSMV), are concerned that their partners have the appropriate internal controls in place to ensure that data is protected from unauthorized access, distribution, use, modification, and/or disclosure. To ensure that these standards are being met, state agencies and vendors must submit an Internal Control and Data Security Audit from a currently licensed Certified Public Accountant.

INTERNAL CONTROL AND DATA SECURITY AUDITS

An Internal Control and Data Security Audit is required to demonstrate compliance with the Florida Cybersecurity Standards (FCS), Rules 60GG-2.001 through 60GG-2.006, Florida Administrative Code (F.A.C.)  These standards incorporate guidance from the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, and  the Federal Information Security Management Act of 2002 (FISMA) (44 U.S.C. S3541, et seq.).

To satisfy these requirements, companies should consider a SOC 2 report with a mapping to the Florida Cybersecurity Standards, to ensure all aspects of the FSC are addressed.

A SOC 2 REPORT PROVIDES ASSURANCE AS IT RELATES TO THE ASSOCIATION OF INTERNATIONAL CERTIFIED PROFESSIONAL ACCOUNTANTS (AICPA)’S FIVE TRUST SERVICES CATEGORIES AND THEIR CORRESPONDING CRITERIA:​

Security: The system is protected against unauthorized access (both physical and logical).

Availability: The system is available for operation and use as committed or agreed.

Confidentiality: Information designated as confidential is protected as committed or agreed.

Processing Integrity: System processing is complete, accurate, timely, and authorized.

Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and the Canadian Institute of Chartered Accountants (CICA).

Internal Control and Data Security Audits


WE ARE CONFIDENT THAT OUR WORK WILL EXCEED YOUR EXPECTATIONS.

Auditwerx understands the requirements of the FSC, data security assessments is what we do. We can guide you through the process to meet the Internal Control and Data Security Audit requirements. Contact us to learn more about an Internal Control and Data Security Audit.

Get Started

Get Started