Security Compliance

Areas of Concentration

Security Maturity Review

If you have already adopted a security framework, your business will have a good baseline. Our cybersecurity maturity assessment will validate the work the team has done to create the cyber strategy and program in accordance with the selected framework.

Security Framework Review

The selection and adoption of an industry standard framework can be tough without wise counsel. Fortunately, we support and recommend the three most widely used security frameworks: NIST CSF, NIST 800-53 and Center for Internet Security (CIS). Each has definite use cases that we can help you figure out.

SOC Preparation Review

The American Institute of CPAs (AICPA) is the world’s oldest and largest member association, representing audit and accounting professionals since 1887. AICPA maintains oversight for Statements on Standards for Attestation Engagements (SSAE), with version 18 being the latest revision (SSAE-18). Three Service Organization Control (SOC) reports were created by the AICPA, with designations of SOC 1, SOC 2 and SOC 3. If you provide services online, your clients will inquire about your participation in the program.

Policy Review

Your company’s and clients’ personally identifiable information (PII) is extremely important. Policy writing for risk reduction, data security or compliance is paramount and serves as the foundation for these programs. Policies or procedural documents should be well-written, easy to understand and free of grammatical errors.

Compliance Review

At some point it might be necessary for you to obtain or comply with governance requirements. The most common ones we see are the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS). HIPAA protects patient health information (PHI) and PCI-DSS protects credit card data; either can be difficult to incorporate into your cybersecurity strategy.
