[Isabelle Tubbs]

When security measures are put in place, it is important to analyze that they are effective for the organization and scope for which it is intended. Getting an audit from a third-party can help get the right perspective on how well the security measures are working, whether they comply with regulations and policies, and what weaknesses there might be.
If the security measures are working well, this is good information for justifying the cost of certain security controls. However, if they are not effective, then adjustments need to be made to address those vulnerabilities and weaknesses that were found in the system. Once these corrections have been made, then checking the security again can be helpful.
Finally, a vital part of compliance is making sure that it complies with federal regulations (such as HIPAA and GLBA) so that everything is done in a legal manner. Also, it is important to comply with any policies that the company has put in place as well; this ensures that the security measures work well with the organization.