Information Security, Compliance, and Risk Management Consulting

Any Risk Management, Compliance, or Security approach must be focused on, and driven by, the needs of the business. We leverage our extensive business history to design a program (large or small) that includes risk management, security policies/procedures, and operations that fit.

Our Process

We customise all our engagements to meet your specific needs. We will focus first on:

  • Understanding your business and constraints
  • Understanding your goals and needs
  • Understanding what you have already accomplished

We will then work with you to develop (and implement) a program that manages risk in a way that brings value to you, takes a pragmatic and realistic view of risk, and allows you to make the decisions you need to make.

Example Services

  • High-Level Security Review: Review your operations against current real-world threats (i.e. How are we really doing?)
  • Threat Risk Assessment: A more detailed investigation of all threat models, with support for control implementation and future testing.
  • Policies and Procedures: Develop, modify and implement policies and procedures demonstrating compliance with specific standards (ISO, NIST, HIPAA, etc.)
  • Training: Security and Compliance Training, lunch and learn, understanding of threats, etc.
  • Board Evaluation: External assessment of security posture for internal board.
  • Privacy Compliance: Implementation and training for privacy regulations (PIPEDA, PIPA, GDPR, etc.)
  • Compliance Audit: Review implementations of compliance frameworks to determine and verify compliance.