StrongBox IT’s Testing for compliance

The security testing exercises performed by StrongBox IT help you adhere to the major clauses of the main regulatory compliance regimes and to general information security processes.

With experience across the standard reporting formats for regulated compliances, our test reports serve as sufficient evidence to support your commitment to Information Security.

Controls Mapping

| Category | Sub category | Description | ISO 27001:2013 | SOX | HIPAA | CFR Part 11 |
|---|---|---|---|---|---|---|
| Access control | Business requirements of access control | To limit access to information and information processing facilities | A.9.1 | SOX-Network Security | 164.312(a)(1) | 11.10(d) |
| Access control | User access management | To ensure authorized user access and to prevent unauthorized access to systems and services | A.9.2 | SOX-Network Security | 164.308(a)(4)(i) | 11.10(c), 11.10(d), 11.10(g), 11.300 |
| Access control | User responsibilities | To make users accountable for safeguarding their authentication information | A.9.3 | SOX-Network Security | 164.308(a)(4)(i) | 11.10(g) |
| Access control | System and application access control | To prevent unauthorized access to systems and applications | A.9.4 | SOX-Network Security | 164.312(a)(2)(iii) | 11.10(c), 11.10(g), 11.10(k), 11.70 |
| Cryptography | Cryptographic controls | To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information | A.10.1 | SOX-Network Security | 164.312(a)(2)(iv), 164.312(e)(2)(ii) | 11.5, 11.100(a), 11.100(b), 11.200(a) |
| Operations security | Operational procedures and responsibilities | To ensure correct and secure operations of information processing facilities | A.12.1 | SOX-Network Security | 164.308(a)(4)(ii) | |
| Operations security | Protection from malware | To ensure that information and information processing facilities are protected against malware | A.12.2 | SOX-Virus Control | 164.308(a)(5)(ii)(B) | |
| Operations security | Logging and monitoring | To record events and generate evidence | A.12.4 | SOX-Network Security | 164.312(b), 164.308(a)(5)(ii)(C), 164.308(a)(1)(ii)(D) | 11.10(b), 11.10(e), 11.10(f), 11.300 |
| Operations security | Control of operational software | To ensure the integrity of operational systems | A.12.5 | SOX-App Development | 164.312(d) | 11.10(f) |
| Operations security | Technical vulnerability management | To prevent exploitation of technical vulnerabilities | A.12.6 | SOX-Virus Control | 164.308(a)(1)(ii)(A) | |
| Operations security | Information systems audit considerations | To minimise the impact of audit activities on operational systems | A.12.7 | | 164.312(b) | 11.10(f) |
| Communications security | Network security management | To ensure the protection of information in networks and its supporting information processing facilities | A.13.1 | SOX-Network Security | 164.308(a)(5)(ii)(B) | |
| Communications security | Information transfer | To maintain the security of information transferred within an organization and with any external entity | A.13.2 | SOX-Network Security | 164.312(e)(1) | |
| System acquisition, development and maintenance | Security requirements of information systems | To ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks | A.14.1 | SOX-App Development | 164.312(c)(2) | |
| System acquisition, development and maintenance | Security in development and support processes | To ensure that information security is designed and implemented within the development lifecycle of information systems | A.14.2 | SOX-App Development | 164.308(a)(7)(ii)(E) | |
| System acquisition, development and maintenance | Test data | To ensure the protection of data used for testing | A.14.3 | SOX-App Development | | |
| Supplier relationships | Information security in supplier relationships | To ensure protection of the organization's assets that are accessible by suppliers | A.15.1 | | 164.308(b)(1) | |
| Compliance | Compliance with legal and contractual requirements | To avoid breaches of legal, statutory, regulatory or contractual obligations related to information security and of any security requirements | A.18.1 | | 164.308(a)(8) | |
| Compliance | Information security reviews | To ensure that information security is implemented and operated in accordance with the organizational policies and procedures | A.18.2 | | 164.308(a)(1)(ii)(D) | |