Compliance Accountability

Is your business compliant?

In any industry, your business may be required to follow certain rules and regulations regarding information security. This may be because your business handles sensitive customer data, or works with another business or organization that does. Whatever the reason may be, complying with those regulations is essential to your business’s success.

Our CaaS program will help your business establish and maintain the controls to meet compliance standards used by your business, gather and store evidence to confirm compliance with those standards, manage policy approvals/versioning by stakeholders, and track user acceptance.

Why be compliant?

Insurance

Cyber insurance is essential, and the requirements insurance companies write into their policies are becoming increasingly strict.

Win Contracts

There’s nothing worse than losing a bid for a contract because you aren’t certified secure. Be pre-emptive and apply with confidence.

Adhere to Oversight

If you work in a regulated industry, compliance is required for you to operate. Stay compliant and stay open for business.

Get started & solve your problem!

Cyber Insurance Requirements Compliance Review

In conducting a cyber insurance review for a client, we found that their policy limits were less than 10% of the potential costs involved in a breach, mainly due to 3rd-party liability exclusions. The client’s insurance agent had simply sold them a policy available from his firm without knowing how to quantify cyber risk. We helped the client change providers to obtain the correct amount of cyber insurance.

Problem

Most insurance professionals do not understand how to quantify cyber risk and are therefore unable to size policies correctly. Cyber insurance qualification requirements also get stricter with every renewal, and not keeping up with changing requirements can result in higher premiums or outright denial of coverage. In addition, we’ve found that many cyber insurance policies do not provide appropriate coverage for the organization being insured; 3rd-party liability is one of the most frequently missed coverages.

Solution

Review the cyber insurance policy annually to ensure that the amounts and situations covered align with the organization’s risk, and that the organization remains qualified for cyber insurance at a premium commensurate with that risk.

Positive Result

Ensure that coverage and premiums correctly match the organization’s risk profile.

Security Incident Response Testing & Validation (Tabletops)

A company conducting business in both the U.S. and Canada needed to meet CAN/CIOSC-104 (50+ controls) and NIST 800-53 (100+ controls). By gathering the required evidence once for a single, common set of controls, the company automatically had the evidence required for both standards.

Problem

Security standards vary depending on the industry, oversight, jurisdiction, and regulatory bodies. Slight differences in wording for the same risk/control in each standard can lead to duplication of effort when gathering evidence of compliance.

Solution

Use a 3rd-party list of controls that encompasses multiple compliance standards (CMMC, NIST, CC104, ISO, etc.).

Positive Result

Complying with a single control ensures compliance for related controls across multiple standards.