“If You Think Compliance Is Expensive – Try Non-Compliance!” - Former US Deputy Attorney General Paul McNulty
Organizations must focus on security initiatives that address threats and protect business. At the same time, compliance and regulations continue to change. GRC solutions (Governance, Risk Management and Compliance) that are efficient and automated are ideal to identify risks to systems and ensure compliance. A mature risk management program that focuses on threats helps companies avoid loss events that affect safety, security and privacy.
If you want systems that are ready to support digital transformation, talk to us about our services in IT Risk Maturity & Prioritization, GRC Configuration & Enablement, and global compliance assessments. These solutions are geared to support changing compliance requirements and threats, including threats to connected devices. Reporting based on stakeholder needs ensures powerful management support. Our emphasis on key risk and performance indicators gives you the continual assurance to monitor threats. Our solutions and consultants give you the tools to know with confidence that you have the right controls in place for IT architecture.
Areas of Professional Services:
- Health Insurance Portability and Accountability Act 1996 (HIPAA) Privacy & Security Gap / Risk Assessments
- General Data Protection Regulation EU 2016 (GDPR) Gap & Security Risk Assessments + Privacy Shield
- California Consumer Privacy Act 2018 (CCPA) Gap & Security Risk Assessments
- Gramm-Leach-Bliley Act 1999 (GLBA) Gap & Technical Risk Assessments
- Financial Industry Regulatory Authority 2007 (FINRA) Gap & Technical Risk Assessments
- International Traffic in Arms Regulations (ITAR) & Export Administration Regulations (EAR): The United States government controls the export and import of defense-related materials and technology through these regulations.
- Federal Risk and Authorization Program (FedRAMP)
- National Institute of Standards and Technology (NIST) 800-x Gap & Security Risk Assessments
- Cybersecurity Maturity Model Certification (CMMC): All vendors of the US Government MUST apply for and be assigned a CMMC designator or category BEFORE July 1, 2020.
DSAR for GDPR/CCPA
What is DSAR? DSAR stands for Data Subject Access Rights, but you’ll also see it used as an acronym for Data Subject Access Requests. Put simply, regulations like GDPR give individuals the right to request information about the way companies handle their personal information.