Compliance & Assessment
We not only assess your compliance, but also help you to improve it.
Compliance is the first step
Compliance frameworks have always been intended to be the first step to a complete, risk management-based security program. Depending on your industry and business aspirations, you may have a specific framework that you are required by law, regulation, or industry group to implement.
We’ve been working with the majority of compliance frameworks for over 10 years and have seen them grow and change. We know where they came from, why they are what they are, and the direction they are headed.
We work with our clients to achieve compliance as efficiently and effectively as possible. Compliance doesn’t have to break the bank. We help you use what you already have, responsibly manage and accept risk, and present the whole picture as accurately and concisely as possible.
Although HIPAA has a long history of slow roll-out and enforcement, its teeth have never been sharper than they are now. The Department of Health and Human Servicess Office of Civil Rights is receiving more and more reports of potential breaches and is obligated to investigate each one.
Breaches aren’t just the product of wily hackers trying to get you from the outside. They happen when employees are negligent, when processes aren’t well designed and documented, and when you haven’t taken adequate time to prepare.
You may not be able to prevent every breach. However, the more you prepare, the less you have to worry. Preparation leads to successful risk management, which leads to fewer breaches ─ and better detection and containment of the ones that do slip through.
DFARS, CMMC, & NIST
If you are a defense contractor, you know the wild ride of DFARS and CMMC over the last few years. The DoD is rushing to do what it should have done years ago and you are forced to go along for the ride.
While it may seem like a haze of unknowns and guessing, there are constants that the programs are built upon. These haven’t and won’t change. This is where we anchor our approach. We then build on that as the DoD and CMMC-AB release additional guidance.
Having assessed and consulted within government agencies using NIST SP 800-53, we know NIST SP 800-171 and CMMC like the backs of our hands. We use this experience to get our clients to the maturity level they need to win contracts and protect CUI data.
If you are a financial institution, you should be well aquainted with the FFIEC. And while they have always been a little nervous about dictating strict requirements, they have cobbled together a maturity model from years of guidance memos and publications.
This maturity model is heavy on planning but also comes with a large set of technical control requirements. Fortunately, it also includes a great methodology for determining your organization’s appropriate maturity level target.
We specialize in working with nontraditional financial organizations such as community lending programs and financial technology (fintech) startups. In the beginning, many are nervous about the time, cost, and complexity of implementing guidance. We help clarify, simplify, and manage each of those for our clients.
These are just a few of the compliance frameworks with which we have experience. There are many others that overlap and share the same controls, but are organized a little differently. We’ve also worked with PCI-DSS, SOC, COSO, NIST Cybersecurity Framework (CSF), Sarbanes-Oxley (SOX), GLBA, and Walmart’s requirements for sharing sensitive data.
We have the most compliance and assessment experience of anyone in the state. We would be happy to help you get your program underway or build it to perfection.
We're Here To Help!
417 Main St. Ste 326-11
Little Rock, AR 72201