In the past, audit checks were compartmentalized and IT staff were enforcers. It can’t be that way anymore. Make sure you are using the proper tools to easily pass the technical audit so you can focus on improving your overall security posture. Users need to be educated about the proper use of hardware, software, and understand security. When an auditor comes on site, they aren’t just looking to check a box, they are validating policies and procedures. They will go to users and ask questions like, “are you aware” or “how do you”. Because of the recent breaches, they understand it’s not just IT, but all employees who must understand security policy and procedures. There needs to be companywide education and support for security. As a CISO that’s your primary goal.