Get 5 Free Policies with our Security & Compliance Audit: order by September 30


Our Process

Define Outcomes

Defining outcomes establishes a shared vision and target for the work efforts. For example, establishing an outcome to be HIPAA compliant is very different from examining security control maturity relative to CIS-20 controls for the purpose of hardening the controls.

Assess the Current State

Having a shared understanding of the current state is critical.  Success improves with stakeholder involvement. Apply the Pareto principle and  find the 20% that brings 80% of the desired outcome.

Communicate Findings

Establish a process to share the great stories that clarify the current state, key performance gaps, as well as barriers and enablers of success. Devise new ways to communicate everything.

Prioritize Initiatives

Every gap can't be closed immediately.  Experience tells us what types of initiatives can provide the greatest benefit.  For larger programs, organize around management decisions and improvement initiatives for the first ninety days and those projects, which may require more budget and more time.  Use Roadmapping and Brainstorming tools to facilitate the entire program.

Execute

Apply an agile approach to execution. Infuse ongoing support to drive change initiatives.  Make certain everything gets tracked and reported.

Metrics

Identify how changes to tools, processes, or technology are changing the margins of the business.  Track work progress.  Metrics aid in ensuring the pace is quick, continuously prioritized, and aligned to strategic goals.