We facilitate audits, develop policies, and procedures to ensure full compliance.
We start with a baseline and a pre-assessment to gather information for a gap analysis.
We develop key performance indicator (KPI) to ensure progress and get traction for compliance.
PCI DSS
ISO 27001
SSAE 16 SOC I and II Reporting
- SOC 1 Type 1: A design of controls report used for evaluating and reporting on the design of controls put into operation as of a specific point in time.
- SOC 1 Type 2: Includes the design and testing of controls to report on the operational effectiveness of controls over a defined period of time (typically six months).
- SOC 3: A general use report that falls under the SysTrust and WebTrust seal programs, and does not contain a description of the service auditor’s test work and results.
- Organizational policy
- Acceptable use policy
- Risk management policy
- Vulnerability management policy
- Data protection policy
- Access control policy
- Business continuity policy
- Log aggregation and auditing policy
- Personnel security policy
- Physical security policy
- Secure application development policy
- Change control policy
- E-mail policy
- Incident response policy