IT Compliance

Peace of Mind

In an increasingly complex regulatory environment, compliance risk management is essential, whether to meet statutory requirements, adhere to best practices in corporate governance, or reduce reputational risk. Our IT auditors can address any aspect of compliance, from financial audit and public company audit requirements to IT internal control validation and audits for businesses seeking to enhance their marketplace credibility.

We help hundreds of clients manage their compliance risk. Our IT auditors specialize in a variety of industries and hold credentials in a number of IT compliance disciplines. For example, many are certified Payment Card Industry (PCI) Professionals, PCI Approved Scanning Vendors, and PCI Qualified Security Assessors. In addition, we’re members of organizations such as the American Institute of Certified Public Accountants’ Assurance Services Executive Committee and its Trust/Information Integrity and SOC 2 task forces, the Cloud Security Alliance, and the Information Systems Audit and Control Association.

Solutions We Offer


Join us as we discuss how the new audit framework validates the state of a cyber-risk program, addresses the specific concerns of a broad audience of stakeholders, and complements other risk frameworks.

Join members of the Moss Adams information security team as they help business owners prepare for compliance with the global standard. During this session, presenters outline the fundamentals of the GDPR, explore the key compliance aspects of the regulation, and identify a foundational plan for addressing compliance.

More and more companies are outsourcing services. Ideally, a third-party vendor would exert the same level of internal controls you would.

Learn what an information security governance program is and how to implement one to protect your business from cyberthreats.

Preparing for a SOC audit doesn’t have to be daunting or time consuming. During this webcast we will discuss how to determine which report (SOC 1, 2, or 3) and which type is appropriate for your organization, the nature of the controls to promote, the time commitment to anticipate, who should be involved, and how to assemble the requisite documentation.

The AICPA’s SSAE No. 18 redrafts standards for SOC examinations and other attestation engagements and replaces SSAE No. 16.

Primary Contact