
Governance, Risk, and Compliance
The heart of a robust, mature security program is well-documented adherence to a security framework. We are experienced in multiple standards such as ISO, NIST, PCI, HIPAA, CIS, CMMC, GDPR, CDPA, and BYOB, and can help you review and write policies, prepare for audit, and document evidence that you are in compliance.
In recent years, scrutiny of your policies and procedures has increased from government agencies, business partners, investors, insurers, and additional third parties. Current events, such as the SEC bringing charges against the CISO of SolarWinds, demonstrate an increase in potential personal criminal and civil liability for company officers. You need somebody who can help you prepare for these evolving concerns and prove that you are managing risk appropriately.
With decades of experience in writing incident response and business continuity plans, preparing organizations for SOC2, HIPAA, and PCI audits, and serving as technical assessors for ANAB-ANSI, we have honed our expertise. Our team has tested and assessed the readiness of existing plans in numerous organizations, assisting in their revision and policy strengthening. Additionally, we frequently conduct tabletop exercises for both executives and technical staff to evaluate the effectiveness of the incident response plan and the team’s cohesion.