If you are asking yourself any of these questions, read about how we can help:

“My organization is small to medium sized, and until recently we haven’t considered how to protect ourselves against IT security threats. How do we know what to worry about, and how do we prioritize risks and prevention expenses?”

  • We perform light or deep-dive assessments to establish a vulnerability map for your company. When we review the map with you, we provide recommendations on how to prioritize any exposure, along with cost-effective ways to invest in sustainable prevention.
  • Based on the results of the assessment, we can partner to help you build a security program that aligns with your strategic roadmap and risk tolerance, including:
    • Policy and procedure development
    • Security Awareness and Training program development
    • Vendor management (finding, vetting, and contracting with appropriate partners)
  • If you don’t have internal staff well versed in IT security, we can provide support via a part-time ISO (Information Security Officer) who guides the culture change necessary to establish, improve, and sustain your security profile.

“My organization gets asked often if we are certified in (HIPAA, or PCI, or SSAE). How do I know if I have to be? And, how much work is it to get there?”

  • We will discuss your current and long-term business goals, and provide advice on which certification(s) are likely to be essential. This can include the business case to help establish justification to stakeholders.
  • We perform a high-level pre-assessment to determine where your organization needs to mature its security and compliance program in order to be audit-ready.
  • You can use the pre-assessment report as a high-level roadmap to develop or mature a security program.

“My organization has never been through an audit (HIPAA, or PCI, or SSAE), but my leadership says we need to get ready NOW!  Where do I start, and what if I don’t know much about information security?”

  • We perform deep-dive assessments for organizations that know they have to be audited. We then provide you with a detailed report and actionable roadmap to help you focus on gaps to fill before audit time.
  • For organizations that don’t have staff with security expertise, we can provide a partner to work with your team to get you audit-ready. This can include some or all of the following areas of program support:
    • Policy and procedure development
    • Security Awareness and Training program development
    • Vendor management (finding, vetting, and contracting with secure partners)
    • Business Continuity and Incident Response planning
    • Vulnerability mapping & management
    • Guidance for secure IaaS, SaaS, and PaaS selection (including architecture needs review)
