Skip links

713 266 8785Call Monday thru Friday, 9am - 4pm


Be prepared for your next regulatory exam.

Regulated financial institutions across the country trust Aporia Solutions’ team of veteran IT auditors to prepare them for annual federal and state IT compliance examinations.  Our certified auditors have personal experience overseeing Information Security Programs and IT systems and networks at community banks; we understand the financial services environment from the inside.

Aporia Solutions has a proven risk-based auditing methodology. Guided by GLBA requirements, the FFIEC IT Examination Handbook, NIST's cybersecurity framework and experience over hundreds of engagements, we conduct testing based upon a risk assessment to ensure focus on the high risk areas.

This methodology takes into consideration the specific environment and risk culture at each client.  We address the business goals of data confidentiality, integrity and availability.  In addition to satisfying regulatory compliance goals, our reviews and deliverables provide a clear view into whether IS controls and technical systems are operating effectively to safeguard information assets.

IT Audit for FFIEC / GLBA
Determine your Financial Institution’s level of compliance with the specified controls required by FFIEC and GLBA. This Assessment provides an information systems security controls compliance review in accordance with the FFIEC Information Systems Handbook and the Interagency Guidelines for the Safeguarding of Customer Information, pursuant to sections 501 and 505(b) of the GLBA.

IT Controls Review
Determine how effectively information systems controls are operating to safeguard data confidentiality, integrity and availability.  The IT general controls audit includes a review of all key components of the IS Program:  Vendor Management; Business Continuity, Disaster Recovery & Incident Response; Core Operations; E-Banking; Retail Payment Systems; Risk Assessment.

Typical IT Systems Testing

  • External network vulnerability / penetration testing
  • Internal network vulnerability testing
  • Internal network patch audit
  • Social Engineering

Advanced IT Audit Testing

  • Reconnaissance & public information review
  • Wireless network security testing
  • Virtualized environment testing
  • Web application vulnerability assessments (Unauthenticated & Authenticated)

Remember you can add or remove items from your bid request at any time.