Can you translate your product or industry to the most current regulatory requirements? Can you map your capabilities to the compliance problems you solve? GRC is broken. We can fix it. We tie your security investment to your security and risk response. With over 150 analyzed products, 5,000 system policies and current models for seven major sectors, you can resolve your most perplexing regulatory challenges in just months.

If you have hundreds of security products and you can't map them to your regulatory requirements, our methodology will make this relatively easy to accomplish. If you have a product and you can't explain its capabilities to the security and compliance market, give us a call. An investment of less than 15K USD will reap guaranteed results.

How we do it - First, we keep an eye on technology

Start with industry standards and experts. Really study and contribute.

NIST CSF Annex A

Work as a team to add value to security operations and product architecture


Never wait for clients to tell you the new standard is needed. Be first to let your clients understand what's important. Get the materials out to the world within days or weeks of the new release.

Pay full respect to Her Majesty the Queen, and to any other part of the EU

Thoroughly understand data-centric requirements in satisfying all aspects of the EU General Data Protection Regulation

Map everything back to NIST 800-53 r4 + Appendix J and ISO/IEC 27002:2013; add NIST 800-171 for non-Federal or Public Sector compliance

NIST 800-171 for public sector


PCI DSS 3.2

We tie all the technical aspects of system configurations and policies to the most substantial security risk assessment. We make no pretense of extending to all areas of business. We assume we only play a part.

We assure you that the interpretation of risk is relative to industry recommendations, and our role is to supply you the resource to make the right decisions faster.

We make it relevant to Security Program Architecture: never assign a human to a task that a technology investment is supposed to do, and never assign a technology to the monitoring that a human should do

Tie products to the enterprise risks, strategy, and controls

We can operate at a compliance G-Force that knocks most people flat on their ...


Here are our Industry-specific regulatory collections:

FINTECH – REGTECH, E-Commerce and Financial, US or International

  • General Data Protection Regulation (EU) 2016/679
  • CIS CSC 6.1 Top 20
  • PCI DSS 3.2
  • SOC 2 2016 plus Cyber Description Criteria
  • Cybersecurity Framework, CSF Critical Infrastructure
  • ISO/IEC 27002:2013
  • UK Cyber Essentials
  • NCSC NATIONAL CYBER SECURITY STRATEGY 2016-2021
  • FFIEC
  • GLBA
  • NIST 800-53 r4 + Appendix J
  • NIST 800-171 r1
  • Sarbanes Oxley SOX

HEALTH, US or International, Private or Federally Funded

  • CIS CSC top 20 6.1
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • General Data Protection Regulation (EU)
  • HIPAA - HITECH Title 45 C.F.R. § 164
  • HITRUST CSF
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-171 r1
  • NIST 800-53 r4
  • PCI DSS V3.2
  • SOC2 Trust Services-AICPA

Government Sector, DOJ, Federally Funded

  • CIS CSC top 20 6.1
  • Criminal Justice Information Services (CJIS)
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • FFIEC
  • FedRamp
  • General Data Protection Regulation (EU)
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-53 r4
  • PCI DSS V3.2
  • SOC2 Trust Services-AICPA

Oil & Energy Sector

  • NERC CIP (FERC)
  • CIS CSC top 20 6.1
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • General Data Protection Regulation (EU)
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-53 r4
  • PCI DSS V3.2
  • SOC2 Trust Services-AICPA

Construction

  • NERC CIP
  • CIS CSC top 20 6.1
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-53 r4
  • NIST 800-171
  • Sarbanes Oxley SOX
  • PCI DSS V3.2
  • SOC2 Trust Services-AICPA

Education

  • CIS CSC top 20 6.1
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • HIPAA - HITECH Title 45 C.F.R. § 164
  • HITRUST CSF
  • General Data Protection Regulation (EU)
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-53 r4
  • PCI DSS V3.2
  • SOC2 Trust Services-AICPA

Telecom - FCC

  • NERC CIP (FERC)
  • CIS CSC top 20 6.1
  • CSF Framework for Improving Critical Infrastructure Cybersecurity
  • Cybersecurity Risk MGT Program - Description Criteria © AICPA 2017
  • General Data Protection Regulation (EU)
  • ISO/IEC 27002:2013
  • NCSC NATIONAL CYBER SECURITY STRATEGY
  • NIST 800-53 r4
  • FedRamp
  • SOC2 Trust Services-AICPA