Compliance standards like New York DFS, HIPAA, Sarbanes Oxley, require a third party IT assessment of your infrastructure and resources. A lot of times people come to me asking why that’s necessary, I tell them, it’s a very simple concept. For the same reason, you wouldn’t have your accountant look over the books that are prepared by your accountant to make sure he isn’t stealing money from you, you want to make sure your IT people aren’t hiding any deficiencies or major problems that may be trouble for you down the road. It’s always a good idea to have a third party with a fresh set of eyes, take a look at your policies and procedures, as well as the day to day implementation of your operations. This will give you some great information and also give you a second set of eyes at your operation that you can trust when making big decisions about perhaps, moving to a new software platform, or even compliance concerns, like trying to get together your first written information security program.