Audits

Cyberforks runs hands-on security and compliance audits for organizations that want a practitioner's read, not a templated report. Each engagement is scoped to a specific framework or question and delivers a prioritized findings document you can hand to an executive or a remediation team without translation.

NIST CSF Audits

Where your security posture stands against the NIST Cybersecurity Framework.

  • Stakeholder interviews and controls inventory
  • Mapping against the Framework's functions and categories
  • Gap analysis with a prioritized remediation roadmap
  • Executive-ready findings memo

Common when leadership asks "are we doing enough?" or before a board review.

HIPAA Compliance Audits

Security Rule and Privacy Rule readiness for healthcare entities and their business associates.

  • Risk assessment under §164.308(a)(1)
  • Business Associate Agreement (BAA) inventory and review
  • Technical safeguards review — encryption, access control, audit logging
  • Policy and documentation review with a remediation plan

Common before an OCR inquiry, after an incident, or when scoping a new vendor relationship.

SOC 2 Type 2 Policy Audits

Policy readiness work for organizations preparing for a SOC 2 Type 2 examination.

  • Policy review against the Trust Services Criteria
  • Identification of gaps in policy language vs. SOC 2 expectations
  • Drafts and rewrites of weak or missing policies
  • Hand-off package for whoever runs the full readiness or examination

Pre-audit work, not the SOC 2 attestation itself — that's performed by a licensed CPA firm.

Cyber / IT Audits

A practitioner's read on your overall security posture, with no specific compliance target.

  • Asset and access inventory
  • Patch management and configuration review
  • Network architecture and segmentation review
  • Documentation, monitoring, and incident-response readiness

Common for organizations between formal audits, or those wanting a security baseline before pursuing one.

Every engagement is scoped to your environment, not templated. If any of the above fits something you're working on, get in touch.

Get in touch