Governance and Risk Services

Information Security Management

Security management refers to the efficient application of resources to understand, prevent, avoid and respond to information-related loss. This objective is often eroded when vendors claiming panacea within products exert their influence.

Our Governance and Risk Services help to refocus on laying a solid foundation of accountability, decision making, and oversight. We specialize in tailoring standards, such as the International Organization for Standardization's ISO/IEC27000 series, and focus on implementation of practical policies and procedures sized for your company.

It is our hope that we transform organizations from merely reacting to breaches and losses, to planning, predicting and avoiding these costly situations.

Audit and Compliance

Of equal importance to establishing robust information risk management is our capability to demonstrate its effectiveness to stakeholders. Whether it is shareholders, board members, or customers, independent audits of security management will continue indefinitely.

Our team's experience in planning, executing and responding to these audits paves a clear path through a confusing mix of standards, compliance guidelines, legislation, regulation and reporting requirements. Whether you are a merchant dealing with the requirements imposed by the Payment Card Industry's Data Security Standard or reporting on access logs to comply with the Health Information and Protection Act, we can help clarify these requirements, ensure control evidence is appropriately collected, and remove confusion by acting as a liaison between audit teams and management.