Service Providers

Creating Adequate and Effective Control Programs

Service providers are increasingly required to provide a demonstration of the adequacy and effectiveness of control programs over client data—it has become best practice. This is especially true for service providers whose control environments may impact the integrity of financial reporting on behalf of their clientele.

TrustCC provides services to our service provider clients that will assist them to demonstrate and validate control effectiveness.

Service Provider Offerings

SAS 70 Type I and Type II (partner with national accounting firm)
TrustCC partners with a national accounting firm to provide a cost effective solution to your SAS 70 needs without the cost of a national accounting firm. Further, our procedures will be much more in-depth than those of a national firm, providing you with the best possible assurance that your controls are adequate and effective.
SOX 404 Compliance Assessment
TrustCC documents and tests key IT controls related to financial reporting in order to ensure control effectiveness and provide management confidence prior to an external audit.
PCI DSS Security Preparedness
We will work with your IT, finance and other key internal organizational functions to provide an initial assessment, gap analysis, and recommendations to assist you in your compliance and security objectives.
GLBA Compliance Assessment
Banks and Credit Unions are required to comply with GLBA. Our assessment and gap analysis services are specifically designed to meet GLBA requirements and are customized for the size and complexity of your organization.
Information Technology Audit
TrustCC provides co-sourced/outsourced IT audits that bring cost-effective expertise to Banks and Credit Unions. Audit procedures are scoped similar to exam procedures established by regulatory agencies such as the FDIC, FRB, OCC, OTS, and NCUA.
Vulnerability and Penetration Testing
TrustCC’s expert services provide the confidence that your information assets are adequately safeguarded. Such services cost-effectively demonstrate diligence and control to examiners, executive management, and the Board.
Comprehensive Security Assessment
Vulnerability testing within your organization needs to be much more than penetration testing alone. Technical, administrative, and physical security controls are tested and analyzed to determine the overall effectiveness of your information security program.
Mainframe Security
We want to help your organization design methodologies that ensure the security of your mainframes and the applications running on them while meeting regulatory requirements.
Information Security Risk Assessment
Our standards-based IT risk assessment justifies administrative, technical and physical security control selection and prioritizes and establishes security plans and budgets.
Business Continuity Planning
TrustCC offers a proven methodology for business continuity planning based on industry standards and best practice, changing technology, and practical experience.
Incident Response
Preparing for a security incident is one of the most difficult tasks an IT manager can perform. Our team is trained and certified in incident handling and response. Let us help you prepare to respond to the unknown and minimize organizational impact.
Policy and Procedure Development
Policies and procedures are cornerstone for information security and risk management in any organization. TrustCC will identify appropriate and manageable policies, standards and procedures for your organization.

For more information on TrustCC services for service providers contact Client Services.