Lending Software Provider Entech Partners With Lazarus Alliance to Perform Penetration Testing and Data Security Compliance Audits

Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, announces its partnership with Entech, a global provider of lending software and services. Lazarus Alliance will perform an independent AT-101 Service Organization Control 2 (SOC 2) audit, a PCI DSS audit, and penetration testing.

The SOC 2 is part of the AICPA SOC reporting framework and utilizes the AT-101 professional standard. Technology service organizations use the SOC 2 to attest that they are adhering to proper data security control procedures and practices. Releasing an SOC 2 attestation assures the service organization’s clients that the organization has implemented specific data security controls to mitigate operational and compliance risks associated with the use of its systems.

“In today’s dynamic threat environment, it is essential that technology service organizations adhere to exacting data security standards.”

Michael Peters,
CEO, Lazarus Alliance

The PCI DSS is a proprietary information security standard that was established by major global credit card brands. The standard applies to all organizations that handle major branded credit cards, including Visa, MasterCard, American Express, Discover, and JCB. The credit card companies require that all organizations, worldwide, that accept or process their cards to comply with PCI DSS. Compliance must be validated annually by an external Qualified Security Assessor (QSA) such as Lazarus Alliance.

“In today’s dynamic threat environment, it is essential that technology service organizations adhere to exacting data security standards,” said Michael Peters, CEO of Lazarus Alliance. “When a company makes the decision to enlist a third party to provide a service, they want assurances that those services will be provided not only timely and accurately but also securely. The SOC 2 and PCI DSS audits demonstrate Entech’s commitment to maintaining a sound control environment that protects their clients’ data and confidential information.”

So that the PCI DSS and SOC 2 audits are conducted thoroughly, efficiently, effectively, and economically, Lazarus Alliance is using Continuum GRC’s IT Audit Machine (ITAM), a RegTech software solution that automates governance, risk, and compliance processes.

“Most auditors still use spreadsheet programs for compliance audits, but that makes the whole process take far longer, creates extra headaches, and ends up costing the client way more money,” explained Peters. “With RegTech products like the ITAM on the market, there’s simply no reason to use spreadsheets anymore. The ITAM comes pre-loaded with modules for SOC 2, PCI DSS, and so many others that make it easy to determine which requirements apply to a specific client’s data environment. Plus, it creates a centralized repository for all of a client’s cyber security and compliance information: IT governance, policy management, risk management, compliance management, audit management, and incident management. It helps clients get the big picture about what’s going on in their data environment, which is crucial to protecting it.”

Source: Lazarus Alliance