What You Can Expect from an Engagement


01 Discovery

  • Inventory Critical Business Processes

  • Catalog Contractual and Industry Requirements

  • Review and Assess Existing Control Catalog (including Policies and Procedures, Tools, Roles, and Reports)

  • Document Current Control State and Security Process Maturity

  • Define Required Future State


02 Assessment

  • Perform Risk Assessment

  • Map Existing Information Security and Privacy Controls to Defined Framework

  • Identify Critical Gaps and Prioritize Others for Remediation

  • Develop Remediation Plan

  • Assist Management and Process Owners in Remediating Critical Gaps


03 Design

  • Prioritize Critical Controls for Expedited Remediation

  • Define Owners, Control Objectives and Workshop Control Activities

  • Define Required Artifacts (Policies, Procedures and Standards)

  • Define Future State and Create Implementation Roadmap

  • Define and Document Metrics for Critical Controls


04 Implement

  • Execute Implementation Project for Tools, Process and Documentation

  • Build Reports and Reporting Cadence for Key Control Metrics

  • Evaluate Compliance Project Deliverables, Recommend and Augment Where Appropriate

  • Formulate Remediation and Process Maturity for General Security Controls

  • Collaborate with Internal Resources to Align with Industry Standards and Provide Strategic Direction