GRC and Audits
PREPARING CUSTOMERS FOR AUDITS
SOC-2 Type 2 Assessment
- Not sure which Trust Service Principles are right for you?
- Have you created your SOC-2 Type I or Type II scope boundaries correctly?
- Where is your internal controls matrix?
We have helped our customers get ready for their SOC-2 Type 1 or Type 2 audits by providing them with specific policies, procedures, control mapping and a checklist that may apply to the SOC-2 Trust Service Principles. We help scope your environment, so you are not including out-of-scope systems in your audits. We partner with a number of AICPA-approved auditors to take you the entire way through an audit after our assessment is complete.
ISO 27001 Assessment
- We help our clients write their Information Security Management System documentation and policy, along with helping reduce scope for your ISMS.
- Need a clear, easy-to-read and simplified Statement of Applicability? We will help you here. Our cybersecurity consulting team can get this done in no time at all!
- Our team will step you through the entire process for your ISO 27001:2022 compliance effort and partner you with one of our ISO/IEC accredited partners.
- The Pre-Assessment Phase is typically where most companies fail, leading to major non-conformities in their final report. We ensure your pre-assessment phase covers all the key aspects for your ISO 27001 certification.
PCI DSS
- Our PCI QSA Team is certified to provide our PCI DSS Level 1 and 2 customers with advice and direction on how best to meet this standard.
- Our pre-assessments enable you to scope your Cardholder Data Environment.
- We help identify ways to descope requirement 3 and limit your CHD responsibilities.
- As we work with your security team, we will make recommendations on how best to address the controls in PCI DSS v4.0 and whether a Report on Compliance (ROC) or a Self-Assessment Questionnaire (SAQ) is appropriate.
- Contact a member of our PCI Team and we will be happy to walk you through our approach and planning methodology.
CSA STAR Level 2
If you offer customers a hybrid or cloud-only service, the Cloud Security Alliance Level 2 certification is an important industry-standard validation of your cloud or hybrid security controls. Our team is highly experienced at navigating these controls for our customers and ensuring they receive this accreditation as part of their compliance posture. Providing an independently validated CAIQ reduces the need to complete time-consuming RFP questionnaires and long security due diligence cycles, which all lead to long sales cycles. We can help with your readiness for this certification prior to supporting you through the audit with one of our strategic partners. Whether your services are hybrid, Azure, AWS or GCP based, our cybersecurity consulting services can support you.