KirkpatrickPrice
Overview
KirkpatrickPrice is an information security auditing firm whose goal is to make sure you are secure and compliant with whatever industry standards or customer demands you are facing.
We want to partner with you and empower you to reach your challenging compliance goals so you can achieve assurance that your business is operating as you intended: securely and effectively.
As a licensed CPA firm, PCI QSA, and HITRUST CSF Assessor, we most commonly perform SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, and FISMA audits, as well as penetration testing.
Confidence comes from experience.
Value Proposition
Expertise
KP hires former CISOs, Directors of IT, etc., with 10+ years of experience in technology and a CISSP certification. These people are able to use their experience to understand lots of different environments, combine multiple frameworks into one project, and relate to clients feeling lots of different emotions during the audit.
OAM
The Online Audit Manager is first and foremost a tool to connect a client with an expert. It doesn’t complete the audit, only supports it. The OAM provides a space to upload audit evidence. It’s mapped to different framework requirements to reduce redundant requests. It’s the simplest tool to use in the market, and we consistently hear prospects comment on how simple it is after a demo.
Approach
We keep audits simple by keeping our clients and auditors focused on the topic. Whether working on ISO 27001 or SOC 2 and ISO 27001, risk assessment is a critical component of a security program. We focus on the risk assessment instead of the framework requirements so that we conduct one interview, review one document, and apply that testing to multiple frameworks if necessary.
On-Time Quality
KirkpatrickPrice uses a team of English majors to take the testing our auditors conduct and assemble it into a high-quality report that’s delivered on time. When auditors write reports, the reports are full of errors (or generic from a template) and usually late, because that’s the last thing an auditor wants to do at the end of a project.
Market Challenges
Automation
Clients are enamored with automation right now. They know deep down that audits are hard and turn to automation for the solution. Tools like Vanta, Drata, etc., try to map evidence requests to audit requirements and then automate all the evidence collection so audits are easy. These tools are not auditors and partner with cheap auditors to provide a “cheaper and easier audit process.” This has led to a flood of cheap audits that provide a false sense of assurance.
Fatigue
Clients are tired of being asked the same question over and over again for different audit frameworks. They don’t like doing a SOC 1 audit with one firm, a SOC 2 audit with another firm, and a PCI audit with a third firm. This causes a lot of wasted time and energy.
Lack of Expertise
Most CPA firms hire auditors out of college, or auditors with a compliance/audit background. This causes frustration as these assessors don’t understand the client or their technology.
Price
While price is a factor in every market, KP sits at a higher price point than many competitors. Many executives and decision makers aren’t involved in the audit and don’t understand why they wouldn’t use the cheaper options.