Once you have all of your controls in place and running smoothly, you can think about auditing them. A successful audit is the closest thing you’ll get to proof that your organization is secure. Which audit should you consider? You probably won’t get to choose, as most audits are thrust upon us. If you’re lucky, you’ll only have to deal with one audit instead of several overlapping ones. All of the processes and controls discussed in this book are applicable to SSAE 16, ISO 27001, PCI DSS, and other major audit requirements. So where do you begin?
Getting Ready for Audit
The first ...