Services
Service scope
Our programs address all technical and business concerns necessary to achieve compliance. Each aspect is modular and may be customized or left out entirely if existing systems are in place to address it.
Documentation
156 policy documents including standards, procedures, and guidelines
Systems monitoring
Centralized logging configurations, ready made alarms, and continuous monitoring
Disaster recovery
Be ready to bounce back from anything and eliminate single points of failure
Vendor management
Track dependencies and access of third parties to minimize risk and maximize transparency
Key management
Ensure access and security of operationally critical keys, certificates, etc.
Risk assessment
Pre-populated, guided assessments to help reduce attack surface and mitigate damage
Physical security
Instructions to secure physical access to sensitive documents and digital data
Business continuity
Have plans in place to ensure smooth operation and control no matter what happens
Technology management
Track technical dependencies to reduce vulnerabilities and keep everything up to date
Device management
Simplify support and ensure laptops and mobile devices are up to date and secure
Change control
Auto-link changes to tickets, unit tests and other automatically generated evidence
Business organization
Automated org charts and customized training based on org-defined roles and responsibilities
Incident response
Have plans in place to address operational and legal ramifications when an incident occurs
Asset management
Ensure in-scope hardware is identified, hardened, and audited to avoid a breach
Systems hardening
Configurations and recipes to harden the network, hosts, applications, and services
Access management
Ensure consistent and auditable access for administrators, users, and service accounts
Training
Ensure that everyone knows the policy and receives all necessary role-specific trainings
Vulnerability management
Automatically determine relevance, classify, and address vulnerabilities in real time
How our process works
1 / Determine necessary frameworks
What frameworks are needed? We currently have first-class support for PCI DSS 4.0 and SOC 2. Additional frameworks such as GDPR, HIPAA, ISO 27001, etc. can also be implemented.
2 / Determine scope
What's covered as part of the regulatory framework(s) and what isn't? And critically, what can we do to reduce the scope?
3 / Finalize responsibilities and toolset
We're happy to do it all and provide all the necessary tools, but sometimes there are portions you may want to do yourself or specific tools you want to continue using.
4 / Finalize project plan
Now we have everything we need to identify responsible parties, create a timeline, and finalize the project plan.
5 / Execute
We'll do the bulk of the work and provide clear instruction and resources for the rest.
6 / Audit
Ours is a comprehensive program, which means we're with you all the way through the audit itself. We're with you until you have your certification in hand.
7 / Maintenance
We provide you everything you need to maintain your program yourself. We also offer fractional CISO services if you prefer.