Our Approach

image98

Efficient and Cost-Effective Delivery

Compliance Gap Analyses & IT Security Risk Assessments


We start with a fast, high-impact compliance gap analysis of regulatory requirements specific to your industry that includes a qualitative risk assessment of our findings. For a standalone IT security risk assessment, we utilize NIST, ISO or a hybrid framework. 

 

We use our simultaneous, multi-regulatory mapping expertise, to synthesize a definition of your compliance, security, & privacy controls according to your requirements. We then map our findings and analysis according to the 7-Domains of a Typical IT Infrastructure and prioritize recommendations in a way that: 

  • can be implemented in a layered security solution;
  • eliminates redundancies across multiple regulatory requirements; and
  • cost-effectively consolidates remediation resources within your organization


We include a gap remediation plan or System Security Plan (SSP) in our gap analyses and risk assessments. This plan includes prioritized recommendations with accompanying cost magnitude estimates and is used to obtain approval, with our assistance, from Executive Leadership or Board of Directors for gap remediation projects aligned to your organization's risk tolerance strategy and objectives.


Our compliance gap analyses and IT security risk assessments can support pre-certification and pre-audit readiness (e.g. PCI AOCs, ISO Certification, Hitrust Certification, etc.) depending on your goals.

“As a Service” Model and Individual Services


We deliver solutions to complex GRC business challenges in a customized, “As a Service” delivery model of bundled services for larger projects (e.g. Gap Remediation or ISO Certification readiness) or ongoing IT security and compliance management that enables predictable budgeting and affordable deployment according to your timelines. 


Supplementing internal resources with an outsourcing strategy using our remediation, system security or certification plans can help you forecast ongoing compliance, security and privacy costs. Clients can also “pick & choose” individual services to augment their operations and remediate specific gaps to meet short-term requirements.