Policy Framework

  • Policy Review:  We review any existing policies.
  • Draft Review:  We draft policies and review each one with your organization.
  • Approvals:  We ensure policies undergo an Adobe-based approval process.
  • Reminders:  We identify policy items (e.g., checking backup logs) that need regular attention.
  • Exceptions:  We help orgs track exceptions to policy statements in their org for subsequent review.

Risk Assessment

We work with your management team to capture essential information and build a clear understanding.

We analyze the information that was gathered and provide you with a Risk Assessment Report. 

We advise you on how to mitigate the risks and fix any vulnerabilities.

Compliance Management & Remediation

  • HIPAA (Health Insurance Portability and Accountability Act) is a federal law that requires organizations to protect the privacy, security, and confidentiality of individuals' health information.
  • We can help ensure you stay HIPAA compliant and avoid costly penalties for noncompliance by providing guidance and support in implementing the necessary policies, procedures, and controls to protect sensitive health information.
  • HITRUST (Health Information Trust Alliance) is a widely recognized information security framework that provides standards for managing information security risks in healthcare organizations, and a certification. A HITRUST certification demonstrates your commitment to compliance with applicable regulations, such as HIPAA and the HITECH Act.
  • We can help you navigate the complex requirements of the HITRUST framework and achieve certification more efficiently and effectively.
  • NIST 800-53 is a publication by the National Institute of Standards and Technology (NIST) that provides a comprehensive set of security and privacy controls for federal information systems and organizations. These controls are designed to help organizations protect their information systems and assets against a wide range of security threats and risks.
  • We can help you identify the applicable controls, assess their current state of compliance, and develop a plan to address any gaps or deficiencies.

Application Security (AppSec)

  • Static Application Security Testing (SAST):  Identifies vulnerabilities in your source code.
  • Dynamic Application Security Testing (DAST):  Identifies vulnerabilities in running applications.
  • Software Composition Analysis (SCA):  Identifies known vulnerabilities within a codebase.
  • Manual Penetration Testing (MPT):  Identifies vulnerabilities and weaknesses that automated tools might miss.