What You Can Expect from an Engagement
01 Discovery
Inventory Critical Business Processes
Catalog Contractual and Industry Requirements
Review and Assess Existing Control Catalog (including Policies and Procedures, Tools, Roles, and Reports)
Document Current Control State and Security Process Maturity
Define Required Future State
02 Assessment
Perform Risk Assessment
Map Existing Information Security and Privacy Controls to Defined Framework
Identify Critical Gaps and Prioritize Others for Remediation
Develop Remediation Plan
Assist Management and Process Owners in Remediating Critical Gaps
03 Design
Prioritize Critical Controls for Expedited Remediation
Define Owners, Control Objectives and Workshop Control Activities
Define Required Artifacts (Policies, Procedures and Standards)
Define Future State and Create Implementation Roadmap
Define and Document Metrics for Critical Controls
04 Implement
Execute Implementation Project for Tools, Process and Documentation
Build Reports and Reporting Cadence for Key Control Metrics
Evaluate Compliance Project Deliverables, Recommend and Augment Where Appropriate
Formulate Remediation and Process Maturity for General Security Controls
Collaborate with Internal Resources to Align with Industry Standards and Provide Strategic Direction