Many organizations overlook the importance of managing their data and are left susceptible to data breaches and to the misuse of the organization’s sensitive information, including customer data. Having the right internal controls in place protects both parties and enhances customer confidence.

Many times it is also the law. There are many standards, laws, and regulations that organizations are required to meet and remain compliant with. Failure to hold the appropriate reports and certifications (for example, under HIPAA, the Health Insurance Portability and Accountability Act of 1996) can result in multimillion-dollar fines.

GBQ’s Enterprise Governance, Compliance and Risk Services provide guidance and consulting for managing risk.

Information security reports and certifications not only help organizations remain compliant with regulatory standards but also increase customer confidence. GBQ’s Enterprise Governance, Compliance and Risk Services team helps organizations obtain the reports and certifications necessary not only to keep your business up and running but also to keep your business’s information safe and compliant.

Services include:

Control Framework Gap Assessments and Audits

    • Center for Internet Security Critical Security Controls (CIS 20)
    • National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
    • ISO 27000 Series
    • NIST 800-171 Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations
    • Custom framework gap assessments and audits based on specific industry regulations, customer contracts and other obligations your firm may have

Compliance Gap Assessments and Audits

    • Sarbanes-Oxley Section 404 (SOX)
    • Gramm–Leach–Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health Act (HITECH)
    • General Data Protection Regulation (GDPR)
    • Payment Card Industry Data Security Standard (PCI)
    • California Consumer Privacy Act (CCPA)

Cybersecurity Technical Testing

    • Custom compliance gap assessments and audits based on specific industry regulations, customer contracts and other obligations your firm may have

Reports

    • SOC 1, SOC 2
    • HIPAA (Health Insurance Portability & Accountability Act of 1996)
    • HITRUST (Health Information Trust Alliance)
    • NIST CSF (National Institute of Standards and Technology Cyber Security Framework)
    • GDPR (General Data Protection Regulation)
    • ISO 27001 (International Organization for Standardization)
    • PCI (Payment Card Industry Data Security Standard)

Solutions to Improve and Manage Risk

    • Information Privacy and Security Program Design
    • Security Program Development
    • Third-Party Vendor Risk Management
    • Business Continuity Planning
    • Training and Security Awareness
    • Fractional Security and Compliance Staff
    • Vulnerability Scanning Bureau
    • Policies and Procedures Development
    • Security Committee Formation and Facilitation
    • Cybersecurity Policy and Architecture Development for the Organization
    • Cybersecurity Risk Management
    • Enterprise Risk Management
    • Data Protection Impact Assessment