Specialized Audit Service
Consulting
DESCRIPTION:
This service will evaluate the level and/or degree of the "Cliente"’s compliance with Information Security requirements and operational risk related to the operation of the required regulations: INDEVAL, Interbank Electronic Payment System (SPEI), Business Continuity, Information Security, Interbank Payment System in Dollars (SPID), and the Payment Card Industry Data Security Standard PCI-DSS. An external audit will be performed to validate the level of compliance with the required "Regulation".
DELIVERABLES:
Final report (Word document):
• Results obtained in the “Regulation/Compliance” audit
• Conclusions from the Independent External Auditor
• Observations on non-compliance
• Recommendations to address observations
• Improvement actions to optimize the design and implementation of established controls
• Evidence submitted to demonstrate compliance with “Regulation/Compliance” requirements (digital format and printed booklet)
CODE
SAE
BUSINESS LINE
Cibersecurity
CATEGORY
Consulting
RESPONSIBLE:
Gustavo Zamudio
METHODOLOGY:
SPEI, SPID, INDEVAL, PCI, Business Continuity exercise, Information Security
SCOPE:
1 Specialized audit
EXECUTION TIME
Volumetry:
• 1 SPEI exercise – 8 weeks
• 1 SPID exercise – 8 weeks
• 1 INDEVAL exercise – 6 weeks
• 1 PCI exercise – 4 weeks
• 1 Business Continuity exercise – 3 weeks
• 1 Information Security exercise – 3 weeks