Andrew Phillips I CISA, PCIP, CCSFP
Managing Security Consultant

Andrew is a managing security consultant with FoxPointe Solutions Information Risk Management Division of The Bonadio Group.


Internal IT Audit

What do you focus on?

My experience with FoxPointe / Bonadio has included a focus on supporting projects including IT audits, SSAE 18 SOC 1 and SOC 2 engagements, Payment Card Industry Data Security Standards (PCI DSS) Reports on Compliance, HITRUST assessments, and performance of risk assessments, across multiple verticals including healthcare, banking, and private and public organizations.

Expertise in Control Regulations / Regulators and Frameworks:

  • HITRUST Common Security Framework (CSF) 
  • Health Insurance Portability and Accountability Act (HIPAA) 
  • Health Information Technology for Economic and Clinical Health Act (HITECH) 
  • Gramm-Leach-Bliley Act (GLBA) 
  • Federal Financial Institutions Examination Council (FFIEC) 
  • Federal Deposit Insurance Corporation (FDIC) 
  • Office of the Comptroller of the Currency (OCC) 
  • Family Educational Rights and Privacy Act (FERPA) 
  • NY 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies 
  • State, Federal, and international data privacy and security laws 
  • Committee of Sponsoring Organizations (COSO) 
  • Control Objectives for Information Related Technologies (COBIT) 
  • Statement on Standards for Attestation Engagements (SSAE 16/18) 
  • Institute of Internal Auditors (IIA) 
  • American Institute of Certified Public Accountants (AICPA) 
  • Payment Card Industry Data Security Standards (PCI DSS) 


Rochester Institute of Technology, B.S. Accounting

Relevant Training

Working towards Master’s level certificate in Cybersecurity (Rochester Institute of Technology)


  • Certified Information Systems Auditor from ISACA (CISA)
  • Certified Assessor for the HITRUST Common Security Framework (CCSFP)
  • Payment Card Industry Professional (PCIP) 


  • Information Systems Audit and Control Association (ISACA)
  • New York State Society of Certified Public Accountants (NYSSCPA) – member of Technology Assurance Committee