SECURITY + PRIVACY = COMPLIANCE
You are concerned about cyber-security risk, or you face regulatory compliance requirements like HIPAA and the California Consumer Privacy Act (CCPA). We can help you by assessing your security and privacy situation, defining a roadmap and delivering the change needed. We help companies achieve their compliance requirements by leading, operationalizing and improving Security and Privacy programs. For companies without a full-time Chief Information Security Officer or Chief Privacy Officer, we can fill that role on a cost-effective part-time basis.
MANAGE - Fractional Chief Information Security Officer services
Contact us when you need a holistic but reasonable security program that addresses risk to the business, not just technical controls.
ASSESS - Privacy and Security program assessments
Contact us to understand the information risk posture of your organization. We translate information security into business terms.
DO - CCPA Data Mapping and DSR process implementation
Need to rapidly implement a cost-effective California Consumer Privacy program? We can help you automate this to reduce the cost of implementation and operation.
PREPARE - SOC 2 Readiness Management
We help organizations prepare for HIPAA, SOC 2, HITRUST and ISO27001 audits and to implement procedures and record keeping to maintain certification.
TEST - Security Testing and Remediation
We deliver Penetration and Vulnerability tests and help remediate issues.
You can think of us as your outsourced Information Security and Data Privacy leadership team. We help clients manage cyber-security risk and achieve HIPAA/HITECH and CCPA compliance. We align Infosec and Privacy strategy with business goals while working with internal IT, Operations, Marketing and Sales departments.
MANAGE - Fractional Chief Information Security Officer
We provide fractional Chief Information Security Officers who can help you build an information security program and ensure that governance matches compliance requirements on a continuous basis.
ASSESS - Privacy and Security Program Assessments
Every mature information security program is built on a framework (e.g., NIST or ISO27001) that defines a continuous lifecycle of governance steps:
♦ Establishment of governance policies
♦ Assessment of risk
♦ Creation of a balanced risk treatment plan
♦ Implementation and operation of administrative and technical controls
♦ Measure, Detect and Improve
Compliance requirements such as HIPAA and CCPA have an underlying assumption that you have implemented a mandated or reasonable security program. We can assess the state of your program and define a recipe for improvement if required.
DO - California Consumer Privacy Act - CCPA operationalization services
The California Consumer Privacy Act (CCPA) requires that if your for-profit business manages California consumer personal information (PI) and meets the threshold for the number of PI records managed, or you are a service provider for others, you take reasonable measures to protect the PI. You also need to know how the PI was acquired, the categories of PI you manage, and how it is being used. Your business must know where the PI is, be able to let a requesting consumer know the categories and actual PI the business maintains, accept a consumer's right to opt out of the sale of their PI, and, unless it has statutory or legal requirements to keep the PI, abide by a consumer's right to delete the PI.
We can assess business compliance with CCPA and help your organization implement the required manual or technically enabled procedures to become compliant.
PREPARE - SOC 2 Readiness Program Management
If your business processes transactions or manages personal health information (PHI), personally identifiable information (PII) or the broad category of personal information (PI) for other businesses, you are likely to have a contractual requirement to implement a security program that protects the confidentiality, integrity and security of the data. Often, the contractual requirement is to become certified as SOC 2 compliant. We have a standard methodology to help businesses achieve SOC 2 Type II certification as quickly and cost-effectively as possible.
Contact us if you need to make this happen for your business.
PREPARE - HITRUST Certification Readiness
You may have a requirement to become HITRUST Certified. Our certified HITRUST practitioners have the experience to help you with the steps to prepare for certification.
TEST - Security Testing and Remediation
Vulnerability testing and penetration testing are critical components of every mature security program. They provide information about cracks in the security architecture that can be leveraged by attackers. We deliver these services, help businesses remediate the identified issues and, most importantly, help our clients improve their security processes to reduce the likelihood that security tests will find vulnerabilities.