#   Information Technology Audit 

 



 ##  

  expand\_more  

 
  

 

The Information Technology (IT) Audit team assesses the effectiveness of controls that keep the University's digital environment and associated operations reliable, secure, and compliant with policies and laws. We focus on identifying and mitigating risks in data, applications, infrastructure, networks, and technology operations. Evaluations are usually based upon internal policy requirements, government regulations, or industry standard frameworks like [COBIT](https://www.isaca.org/resources/cobit), [NIST CSF](https://www.nist.gov/cyberframework), and [CIS CSC](https://www.cisecurity.org/controls).

## Services Provided

### Audit

We conduct evaluations based on set criteria, issuing reports with actions for non-conformance. Our audits often cover the protection of information and digital assets, physical and logical security controls, change control, account administration, event logging, incident handling, backup, disaster recovery, and IT service delivery. We also perform compliance audits for policies and regulations such as [PCI](https://www.pcisecuritystandards.org/), [HIPAA](https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html), and [FERPA](https://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html).

### Advisory/Assistance

Offering risk-based, control-focused expertise without a formal process. We help with control assessments to enhance understanding and identify improvement opportunities in tech solutions.

### Consulting

Similar to audits, with reports including observations and recommendations in place of non-conformance findings. Criteria are chosen based on engagement scope and objectives, and report distribution is controlled by the client.