

Services Summary

Featured Services & Projects

Featured Services:

  • Security Assessments
  • Risk and Compliance Services
  • Business Performance Improvement
  • Technology Consulting

Projects:

  • IT Risk Assessments - Conduct IT Risk Assessments using a number of frameworks including NIST 800-171, NIST 800-53r4, NIST Cyber Security Framework, CIS-20, HIPAA, FFIEC, SOC2 Pre-Audit, and ISO 27001.
  • Policy Development and Implementation - We have pre-deployed policy packages for DFARS NIST 800-171, HIPAA, and GDPR. Each package includes an individual action plan for each policy and an integrated Gantt chart with roles & responsibilities.
  • Technology Strategy - Develop technology strategies and roadmaps. We conduct gap assessments and identify innovative solutions to close the gaps.
  • IT Governance - Establish the program. Facilitate and guide leadership in developing a lean implementation plan built on short sprints. Develop actionable policies with built-in IT operational activities defined for technical staff. Develop supporting budgets and business cases.
  • Special Projects - Develop Business Continuity and Disaster Recovery Plans, Vendor Risk Assessments, Access Control Strategies, Incident Response Policies and Procedures, Data Classification and Information Management, Data Flow Modeling, and more. Conduct Technology Assessments for emerging Cyber Security and Mobile environments.

How We Work

Our work is highly collaborative, and we take great pride in fitting in with each client's environment and culture. Each project and environment is different, but because we have worked in so many environments, we understand what works and what does not work.


We take on a variety of roles, mostly as advisors to the firm. We work on the business and with technology that can enable the business. Occasionally we are called in to do an audit only.


In our compliance work, we work with management to establish an initial understanding of the current state of compliance, build a roadmap to achieve the compliance target, and work hands-on to facilitate the readiness of the business to achieve compliance.

FAQs

Question: How can we do business with you?


Answer: We will do an initial consult; then, if we agree that we can help you, we will send you a digital agreement with deliverables, terms, and conditions. It is very simple.


Question: What type of support can you provide?


Answer: We can come in for very short-duration, targeted analysis as well as for projects. We like to limit engagements to 90-120 days with shorter sprints built in. We can provide continuing advisory services to support a variety of programs, but typically you will want to test our results before going this route.


Question: How do you get up to speed if we need to move quickly?


Answer: We have been trained extensively in performance improvement, technology management, and risk and compliance management and frameworks. We work with the client to do a quick assessment and define what project success looks like, what project deliverables will be required, and what leader's intent will look like.


Question: Are you certified auditors?


Answer: No. We have expertise in, and work on, getting businesses ready for audits. This includes getting the business ready for an audit by a certified auditor, if it is required. In some situations, like Payment Card Industry (PCI) and Service Organization Control (SOC) 2, you need certified auditors. However, you also need to be prepared for the audit. That is where we fit in!


Question: Do you provide ongoing managed services for maintaining compliance?


Answer: Yes, we will design a customized portal on your infrastructure or will offer one through our cloud service, depending on the requirements.