GAIN VISIBILITY AND CONTROL OF SUPPLIER RISK

METHODOLOGY


Our Methodology

Trudexia Profile - Independent Organisation Review


The Trudexia Profile gives assurance over the controls in place at an organisation. This independent organisation review is conducted with the participation of the reviewed organisation and with a commitment to open, honest, truthful and transparent results.

Our responsibility is to express an independent opinion, based on our procedures, on the reviewed organisation's design of the controls related to the control objectives stated in the description of the controls. We plan and perform our procedures to obtain reasonable assurance about whether, in all material respects, the description is fairly presented and the controls are suitably designed.

Our methodology involves using tools and procedures to obtain evidence that substantiates the design effectiveness of the controls and their existence within the reviewed organisation. The procedures selected depend on our judgement, including our assessment of the risk that the description of controls is not fairly presented, and that the controls are not suitably designed or are not operating effectively. Our procedures include inspecting the design effectiveness of those controls we consider necessary to provide reasonable assurance that the organisation operates the controls in scope.

In keeping with our commitment to both the reviewed organisation and those who rely on the information within the reviewed organisation's Trudexia Profile, we believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Trudexia Profile - Cyber Security Controls


Cyber Security Controls are a key component of the Trudexia Profile. The Cyber Security Controls are selected by Trudexia from NIST (National Institute of Standards and Technology) Special Publication 800-53 (Rev. 4), Security and Privacy Controls. The selection of controls represents, in our view, an adequate set of controls that, when considered as a whole, provides an appropriate cyber security baseline for organisations to build on. In general, the controls selected are from the Low baseline (as defined by NIST) and are of Priority 1 (as defined by NIST). Supplemental controls are generally excluded, and any other exclusions are described within the Trudexia Profile.

Limitations

Degrees of limitations


Trudexia Profiles are prepared to meet the common needs of a broad range of organisations and their reviewers and may not, therefore, include every aspect of the organisation or system that each individual reviewer may consider important in its own particular environment. Also, because of their nature, controls at an organisation may not prevent or detect all areas of organisational risk. Furthermore, the projection of any evaluation of effectiveness to future periods is subject to the risk that controls at an organisation may become inadequate or fail.


In addition, the scope of our procedures and testing did not extend to procedures performed by subservice organisations (fourth parties) used by the reviewed organisation; it was limited to the reviewed organisation's own controls as identified in the scope. Controls operated by these subservice organisations (fourth parties) have been excluded, and no testing has been performed or assurance provided over the effectiveness of their design and operation. Any reliance placed by reviewers on the Trudexia Profile will be limited by the extent to which the subservice organisation's (fourth party's) controls affect the design and operating effectiveness of the controls and system(s) operated by the reviewed organisation.


Terms and conditions can be found at www.trudexia.com/teesandcees

Level 26, 44 Market Street Sydney NSW 2000

+61 2 9089 8879
sales@trudexia.com