Scheduled Security and Audit Procedures

- Review Access [quarterly]

- Review Security Logs [weekly]

- Review Cyber Risk Assessment (enumerate possible compromise scenarios) [quarterly]

- Review Data Classification [quarterly]

- Backup Testing [quarterly]

- Disaster Recovery Testing [semi-annual]

- Review Devices & Workstations [quarterly]

- Review & Clear Low-Priority Alerts [weekly]

- Apply OS Patches [monthly]

- Verify Data Disposal per Retention Policy [quarterly]

- Conduct Security Training [annual]

- Review Security Monitoring and Alerting Configuration [quarterly]

- Penetration Test [annual]

- Whitebox Security Review [annual]

- SOC2 Audit [annual]

Help make throughtful choices about what matters to the business and implementing systems and processess to proactively mitigate risk

Tip: Investing in this stage will help avoid knowable problems in the future, People are less forgiving if you don’t deliver a better performance the second time adversity strikes💪