The most common misconception with cybersecurity audits is that you wait till you think you’re compliant, to get started.
The Consumer Data Right gives Australian’s control of their data. That enables innovation in new products and services to those consumers. To participate as a data recipient, there are five governance requirements and 24 information security requirements. These are independently audited by a qualified firm like AssuranceLab, and included in an assurance report for accreditation.
These three steps to an assurance report do not directly cover the requirements. This provides an overview of how assurance reporting works as a key part of your accreditation. We encourage clients to engage early in the process. This helps us guide you, build mutual understanding along the way, and the collaboration achieves better outcomes for everyone!
We’re not trying to “catch you out” in these audits. We don’t draw conclusions or raise reportable issues from our initial observations. Our fees are fixed - we don’t profit off any issues identified or additional work that may be required. Our goal is aligned with yours; to issue an assurance report demonstrating your compliance to help you achieve accreditation with the Consumer Data Right.
Of course, we need to protect the quality and integrity of these standards and our services. Part of that is our auditor independence requirements. We cannot design or implement anything for you. We can perform iterative reviews, provide guidance, examples, and answer any questions you have along the way. It’s faster, less total effort involved, and supports the better alignment of controls to your business, when we're on the journey together!
So how do you work towards accreditation?
There are three steps that can be done in parallel.
Readiness Assessment / Gap Analysis
The best first step is using our Readiness Assessment software. There’s no cost or commitment required. The traditional approach prior to our software was consultants running several meetings with your team, asking hundreds of questions, and manually turning your responses into documented controls and a list of control gaps. That’s now done automatically by our software, so you can provide the inputs in your own time, in much less time, and receive higher quality outputs.
The Readiness Assessment output report documents your current state of play with a list of any gaps and our recommendations to resolve them. From there, we can hold a workshop to guide you on priorities, answer any questions, and start working collaboratively towards your final CDR assurance report. We have examples, how-to guides and white papers on the security products and practices available in your cloud infrastructure. These are all aimed at solving the “how” to do it, not just “what” is required.
Traditional auditors wait until you’re fully compliant, then upend things in a week or two as they try to audit everything in one go. The problem with that is; some areas you’ll fall short, in others you’ll misunderstand the requirements and auditors' expectations, and in some areas, you’ll go too far - draining your team's time unnecessarily. Our agile and collaborative approach provides iterative feedback and improvements, which is a no-brainer like agile software development.
The rest of our CDR practice guides can be used to understand each topic requiring coverage under the CDR Schedule 2 requirements for your assurance report. These each set out the required information security controls. We explain how these work in practice and common industry solutions including software and cloud platform products.
Our team at AssuranceLab are specialists in cybersecurity assurance and cloud environments - don’t hesitate to lean on us. From working through hundreds of cybersecurity assessments, we know it’s best to work closely together from start to finish!
AssuranceLab is a modern cybersecurity audit firm. We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach; saving time, costs, and headaches along the way.