Focus Areas

Cybersecurity and Risk Management

  • Cloud security and privacy
  • Agile / DevOps controls and risk management
  • AWS and Azure infrastructure management
  • Continuous integration and continuous deployment (CI/CD) methodologies
  • Process automation tools (e.g., Puppet, Chef)
  • Third-party vendor risk management
  • Business continuity management
  • Enterprise risk management 
  • GRC tool selection and optimization
  • Security and governance over AI, bots and developing technologies

Audit, Certification and Control Frameworks

  • Unified compliance / common control frameworks
  • SOC 1 – SOC 2 – SOC 3
  • SOC 2 Privacy
  • SOC for Cybersecurity
  • ISO 27001 – 27017 – 27018
  • FedRAMP
  • NIST 800-53
  • NIST Cybersecurity Framework
  • CSA CCM
  • HIPAA
  • PCI DSS
  • GDPR
  • Sarbanes-Oxley 
  • Country- and industry-specific standards

Crypto Management, Applications, and Standards

  • PKI policies and practices
  • Encryption management
  • Cryptographic key management
  • Code signing practices
  • Internet of things
  • Device authentication
  • Crypto applications such as blockchain and cryptocurrency
  • Key generation ceremonies
  • WebTrust for CAs 
  • CA/Browser Forum EV and Baseline Requirements
  • DNSSEC
  • PIN security standards
  • X9 security standards
  • FIPS 140-2

Core Components of Our Compliance Services

Compliance Strategy


  • Compliance Strategy Development
  • Requirements Definition
  • Compliance Roadmap
  • Compliance Posture Refresh 
  • Compliance Business Case Development
  • Sales Team Messaging and Training

Preparation and Implementation

  • Current State Assessment
  • Readiness Assessment for SOC 2, ISO 27001, and other standards/frameworks
  • Unified Compliance/Common Control Framework Development
  • Practical Policies, Procedures and Standards Development
  • Process Design, Automation and Implementation

Sustained Compliance


  • Compliance Monitoring Design and Implementation
  • Audit Facilitation Assistance
  • Ongoing Monitoring of Critical Controls and Metrics
  • Evaluation and Selection of Compliance Systems/Tools
  • Compliance Management Through Major Changes
  • Management and Board Reporting
  • Enterprise Risk Assessment 
