Can you map your product or industry to the most current regulatory requirements? Can you map your capabilities to the compliance problems you solve?

GRC is broken. We can fix it. We tie your security investment to your security and risk response. With over 150 analyzed products, 5,000 system policies and current models for seven major sectors, you can resolve your most perplexing regulatory challenges in less than a month.

If you have hundreds of security products and you can't map them to your regulatory requirements, our methodology makes this relatively easy to accomplish. If you have a product and you can't explain its capabilities to the security and compliance market, give us a call.

How we do it

FINTECH – REGTECH, E-Commerce and Financial, US or International

  • General Data Protection Regulation (EU) 2016/679
  • CIS CSC Top 20 v6.1
  • PCI DSS v3.2
  • SOC 2 (2016) plus AICPA Cybersecurity Description Criteria
  • NIST Cybersecurity Framework (CSF) for Improving Critical Infrastructure Cybersecurity
  • ISO/IEC 27002:2013
  • UK Cyber Essentials
  • NCSC National Cyber Security Strategy 2016-2021
  • FFIEC
  • GLBA
  • NIST SP 800-53 r4 plus Appendix J (Privacy Controls)
  • NIST SP 800-171 r1
  • Sarbanes-Oxley (SOX)

HEALTH, US or International, Private or Federally Funded

  • CIS CSC Top 20 v6.1
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • General Data Protection Regulation (EU) 2016/679
  • HIPAA/HITECH (45 C.F.R. Part 164)
  • HITRUST CSF
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-171 r1
  • NIST SP 800-53 r4
  • PCI DSS v3.2
  • AICPA SOC 2 Trust Services Criteria

Government Sector, DOJ, Federally Funded

  • CIS CSC Top 20 v6.1
  • Criminal Justice Information Services (CJIS) Security Policy
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • FFIEC
  • FedRAMP
  • General Data Protection Regulation (EU) 2016/679
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-53 r4
  • PCI DSS v3.2
  • AICPA SOC 2 Trust Services Criteria

Oil & Energy Sector

  • NERC CIP (FERC)
  • CIS CSC Top 20 v6.1
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • General Data Protection Regulation (EU) 2016/679
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-53 r4
  • PCI DSS v3.2
  • AICPA SOC 2 Trust Services Criteria

Construction

  • NERC CIP
  • CIS CSC Top 20 v6.1
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-53 r4
  • NIST SP 800-171
  • Sarbanes-Oxley (SOX)
  • PCI DSS v3.2
  • AICPA SOC 2 Trust Services Criteria

Education

  • CIS CSC Top 20 v6.1
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • HIPAA/HITECH (45 C.F.R. Part 164)
  • HITRUST CSF
  • General Data Protection Regulation (EU) 2016/679
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-53 r4
  • PCI DSS v3.2
  • AICPA SOC 2 Trust Services Criteria

Telecom - FCC

  • NERC CIP (FERC)
  • CIS CSC Top 20 v6.1
  • NIST CSF (Framework for Improving Critical Infrastructure Cybersecurity)
  • AICPA Cybersecurity Risk Management Program Description Criteria (2017)
  • General Data Protection Regulation (EU) 2016/679
  • ISO/IEC 27002:2013
  • NCSC National Cyber Security Strategy
  • NIST SP 800-53 r4
  • FedRAMP
  • AICPA SOC 2 Trust Services Criteria