Our Services

GRC as a Service (GRCaaS) provides consulting and engineering services in the areas of: compliance, IT security, security testing, virtual CISO and security engineering. We have extensive experience in multiple industry verticals and strive to delight our clients with high quality solutions.  

Our high impact compliance gap analyses and IT security risk assessments include insightful findings, actionable recommendations and a gap remediation plan with accompanying cost magnitude estimates. 



Compliance Gap Analyses

Our compliance gap analysis services include, but are not limited to, regulatory laws and standards for: HIPAA, HITRUST, PCI DSS, FERPA, GLBA, FFIEC, NYS DFS CRR 500, NIST SP800-171R1, GDPR, FISMA (NIST SP800 53R4), FedRAMP, FINRA, SEC-OCIE, SOX, ISO 27001-27005 and 27018.

Compliance, Security, Privacy Gap Remediation

Our streamlined delivery of prioritized recommendations addresses gaps involving the people, processes and technologies most at risk and assists in meeting aggressive deadlines or risk mitigation goals.

IT Security Policy Framework and Policy & Procedure Development 

We utilize our simultaneous, multi-regulatory mapping expertise to develop a cost-effective definition of your IT security policy framework across multiple regulatory requirements.  Our template library allows us to pull salient content aligned to your industry.

Business Impact Analysis (BIA), Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), Configuration & Change Management (CCM) Plans

Maintaining continuity of operations and high availability is key in today’s business delivery models.

Computer Security Incident Response Plan (CSIRP) & Computer Security Incident Response Team (CSIRT)

Required to address real-time incidents, threats, and potential data breaches.

Security Awareness Training 

User behavior is a key cause of security incidents, and training is needed to mitigate risk.

BCP, DRP, CSIRP Tabletop Exercises & Training 

Practice makes perfect – our real-world, experienced instructors have been through these exercises and are highly qualified to share their knowledge.

IT Service Management

We provide subject matter experts delivering ITIL related consulting services and training.

IT Security Risk Assessments

We perform IT security risk assessments of your IT infrastructure to determine your sensitive data’s risk exposure. We base our assessments on various standards depending on your needs such as ISO, NIST or a hybrid version.  

We also perform risk assessments for the following: 

  • Data Sensitivity & Classification Assessment  (Where is your regulated data?  Who accesses it?  Where does it go?)
  • 3rd Party Vendor Risk Assessment
  • Cloud Security Assessments
  • Secure SDLC & Software and Web Application Assessments 


Vulnerability Assessment Scanning & Patch Remediation Plan

We provide vulnerability assessments to identify probable points of entry to your IT environment.  We identify risks, vulnerabilities and misconfigurations and provide prioritized patch remediation instructions and best practices.

Intrusive Penetration Testing & Remediation Plan

If our ethical, white-hat hackers can obtain unauthorized access or penetrate your IT infrastructure and reach sensitive data, rest assured a black-hat hacker can do the same.  We can help you sleep better at night knowing you have properly remediated your network and application layers from an intrusive penetration test.

Social Engineering / Phishing Attacks & Remediation Plan 

Social engineering exploits flaws in human behavior, preconceptions and confidences. We utilize various tactics including phishing emails, phone calls and other fabricated contexts for enhanced security testing.  


Virtual Chief Information Security Officer (vCISO) or Virtual Chief Compliance Officer (vCCO) services 

We provide vCISOs or vCCOs with subject matter expertise in your industry on a retainer basis. Our vCISOs help guide Executive Leadership with critical risk appetite decisions, and our vCCOs help guide Executive Leadership, CIOs and CISOs with the proper requirements that must be embedded into the IT infrastructure and environment.


Security Engineers (Cisco, Checkpoint, Palo Alto)

Need a tactical security application solution?  Our certified security engineers provide you with the necessary design, configuration, hardening, and testing to ensure your security appliance is installed to meet your compliance, security, and privacy control requirements.

Load balancers (F5, Netscaler)

Performance and high availability of mission-critical applications and data are paramount to supporting your business operations.  Our certified engineers assist you with the design, configuration, hardening, and testing of your application load balancers to ensure optimal performance.

Hardening IT assets (CIS Benchmarks, Windows, Linux)

Standardizing IT assets for operating system, configuration, and security control implementation is a best practice.  IT asset hardening helps mitigate risks, threats, and vulnerabilities, and IT asset configuration standardization facilitates incident response.

ForeScout Engineering (Network Access Control)

Our ForeScout certified engineers can assist in design, configuration, policy development and reporting for CounterACT® network access control appliances. CounterACT® discovers devices, operating systems, users and applications in real-time, controls access and allows for enforcement of security policies. 


RSA Archer - GRC Platform (Enterprise Compliance Management Solutions)

Our certified RSA Archer security consultants have hands-on experience to guide your organization with design, configuration, full implementation and ongoing management of the RSA Archer GRC compliance, security, and privacy platform.