SERVICES

STANDARDS AND CONTROLS

We use standards and controls applicable to your privacy and security posture including:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking

  • HIPAA/HITECH Security, Privacy and Breach Notification Rules

  • Generally Accepted Privacy Principles (GAPP)

  • EU’s General Data Protection Regulation (GDPR)

  • ISO/IEC 27001:2013 (ISMS requirements) and ISO/IEC 27002:2013 (code of practice for controls)

  • CIS Top 20 Critical Security Controls (cited by the California Attorney General as the minimum level of reasonable security)

  • SEC OCIE Cybersecurity Initiative

  • NIST Cybersecurity Framework

  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation) 

  • Risk management program management and principles

We work with you to develop a common-sense approach that meets your needs.

PRIVACY OR SECURITY PROGRAM

PHASE I

Risk/Gap Assessment Detail

  • Data mapping

  • Controls evaluation to standards

  • Risk assessment

  • Policies and procedures review (optional depending upon readiness)

  • Findings and recommendations report

  • Gap and risk register to actively manage recommendations


PHASE II

Program Establishment

  • Design governance infrastructure/roles and responsibilities

  • Establish risk management/controls framework for sustainability

  • Requested documents review

  • Develop policies/procedures

  • Develop/deliver training

  • Design role-based access control (RBAC) rights

  • Design program oversight/monitoring

  • Obtain executive/board commitment and empower privacy/security official 

PRIVACY/SECURITY-BY-DESIGN

  • Privacy engineering (SDLC) program/policy/training

  • Privacy impact assessment (PIA/DPIA) during product design (scope includes security), e.g. big data, mobile apps, IoT, websites, robotics/AI

THIRD-PARTY DUE DILIGENCE AND MANAGEMENT

  • Pre-contract due diligence and contract requirements

  • Cloud services (use cases) policy/guidance

  • Managed security services - build vs. buy guidance/assessment

  • Third-party management program/policy

CONSULTING SERVICES

À LA CARTE

  • Obtain executive commitment

  • Mobile app/website privacy policy for counsel review

  • Cross border transfer rules guidance

  • Workplace privacy/social media privacy guidance

MONTHLY RETAINER

  • Guidance and advice on request from subject matter experts in privacy and/or security
