Risk and IT Controls Assessments

Security does not exist in a vacuum. There are numerous IT control programs that use a risk-based approach to providing a framework from which to build and assess your security program. Indeed, in many industries it is necessary to meet the criteria enumerated in these compliance programs. But often the question is, where do we start?

 

Our Value Proposition:

Not only can Excellens Consulting provide clients with the best approach to becoming compliant but we can also examine your IT control program to identify gaps, provide remediation guidance, and take a holistic approach to not only determine your compliance, but also ensure that your program provides assurance that your information is appropriately protected. This is at the heart of the Excellens Consulting difference. We do not merely assess your compliance to external programs, but also take a common-sense approach to evaluating the efficacy of these controls. Excellens ensures that all of our clients' programs provide the maximum amount of protection using the resources available.

 

Industry Standards:

Excellens consultants have experience working with numerous industry standards. From building compliant security programs from the ground up, to assessing and remedying faults in existing programs against various computer standards, Excellens has seen it all. We have custom tools that focus on risk and provide metrics for aiding in the decreasing of risk, increasing security, and meeting compliance. Excellens' preferred standard set is that of the National Institute of Standards (NIST). NIST guidance is among the best in the world and provides comprehensive security to all industries.

 

Excellens has extensive experience, and can provide expert guidance and assessment services, in most other relevant and related programs such as, but not limited to: 

  • ISO 27001/27002

  • HIPAA/HITECH

  • PCI-DSS

  • Sarbanes-Oxley

  • ITIL

  • COBIT

  • FFIEC Examinations

  • GLBA

  • NCUA Regulations

An important factor is also that while particular controls differ according to the standard, auditing is auditing regardless of standard, and Excellens can evaluate and assist in compliance with any program out there.

 

All of our analyses include both technical descriptions of gaps and step necessary for remediation, but also executive guidance explaining the business implications of the gaps. By addressing both the in-depth technical aspects of the findings as well as the larger business implications we can provide thorough and clear strategic guidance on remediation.

©2017-2018 by Excellens Consulting LLC.