CipherTechs’ Policy Review assists organizations in either developing security programs from scratch or reviewing existing programs against industry standards, such as ISO 27000, NIST, or industry best practices.
SECURITY COMPLIANCE PROGRAMS
This service involves more than simply applying a generic security policy template to the specifics of the organization. The key focus of the Security Policy Review is understanding what information the organization needs to protect, assessing its value in relation to the company’s overall business, and defining an overall vision to integrate security into all levels of company operations. CipherTechs’ Policy Service can also prepare or update existing operational policies, procedures and diagrams. Prior to initiating the review and development of company-wide security policies, CipherTechs’ Security Analysts typically undertake a series of assessments to establish an organizational security baseline, including:
- Information and Assets Value Assessment
- Data Governance Review
- Comprehensive Risk Assessment
- Countermeasures Assessment
SECURITY COMPLIANCE PROGRAMS: PCI DSS, EI3PA, HIPAA, SARBANES-OXLEY, GRAMM-LEACH BLILEY, & ISO 27000
During the last few years, various industry drivers have increasingly regulated the application of security principles in sectors that require heightened protection of customers and their private information, such as credit card handling, health care, the financial sector and others. Specific compliance mandates and security standards have shifted attention to the privacy of customer and patient information and to the technical security safeguards and standards needed to achieve this protection. CipherTechs’ Security Compliance Audit Service offers organizations unique expertise and knowledge of the aforementioned legislation and a strong risk assessment methodology to help them prioritize security-related mitigating actions. Our services focus on security program review using the legislation’s published criteria, such as PCI DSS Version 3.2, HIPAA, Sarbanes-Oxley, Gramm-Leach Bliley, and the EU GDPR.
WHAT WE OFFER
CipherTechs offers a modular Security Compliance Program to meet organizations’ changing needs and priorities. The following modules can be performed independently or as a whole security program review, depending on the client’s needs and on the status of its security program advancement:
- Initial Risk Assessment
- Current Security or Privacy Program Analysis
- Gap Analysis
- Initial and Periodic Vulnerability Assessments
- Security or Privacy Program Roadmap Assessment
- Countermeasures and Security or Privacy Program Alignment Projects
- Security or Privacy Training Program and Awareness
CipherTechs’ compliance audit services help organizations first assess their compliance risks by completing a security or privacy gap analysis, and then guide them through the established security or privacy compliance roadmap. The initial risk assessment helps clients prioritize their financial and human resources toward the riskiest areas. The security roadmap helps the organization maintain momentum in managing security projects that can span several years.