Compliance Assessment & Readiness

Services Security & Compliance Compliance Assessment & Readiness

Compliance Assessment & Readiness

Ensure your compliance through reasonable, achievable controls. Review findings and recommendations to prioritize and remediate issues as necessary.

If you host data or services on behalf of your clients or customers, SOC 2 is in your future. If that data includes PHI, PII, or PCI you also have to contend with HiTrust and/or PCI-DSS. If your clients include public sector entities such as state or federal agencies, add in NIST CSF.

Cybersecurity is a looming concern whether your organization is a Global 2000, Fortune 500, or Small-to-Midsize Enterprise. No matter the size of the organization, the Cybersecurity team must ward off threats posed by malicious outsiders, malicious insiders, or careless employees and vendors.

Adding to the challenge, organizations must also be able to demonstrate ongoing compliance with cybersecurity standards. Non-compliance can pose an existential threat to the business, especially for organizations in regulated industries. Too often, Cybersecurity leaders and teams are underfunded, overburdened, and pulled in too many directions to be effective.

We have developed security assessment services that can be tailored to any number of regulatory regimes, including:

We help you comply with existing guidelines and identify where any security gaps may exist to help ensure they are compliant and incorporate adequate controls.

Readiness Review

Determine how ready your organization is to comply with existing regulations, including reviewing documentation, interviewing selected managers and making general observations.

Compliance Assessment

Initiate an assessment that includes an in-depth review and analysis of policies, procedures and documentation, interviews with staff, and testing existing processes and controls.

Risk Assessment

Perform a thorough assessment of regulatory compliance by comparing potential risks and vulnerabilities to the confidentiality, integrity, and availability of protected information.

Policies and Procedures Update

Add to or update policies and procedures based on findings from our readiness review or compliance assessment.

Our Solution: Compliance or Certification Readiness Assessment

We have developed security assessment services that can be tailored to any number of regulatory regimes, including:

SOC 2 Assessments and Audits
NIST Cyber Security Framework (CSF) & NIST 800-53
ISO 27001
C0BIT 5
HiTrust
PCI-DSS

The goal of the exercise is to rapidly prepare your organization for the certification regimes that are relevant to your organization.

Cybersecurity Readiness Exercise

Discovery
Workshops
Action Plan
Stakeholder engagement

Control
Improvement
Process
Enhancement
Final audit
Preparations

Compilance Certification

Confidentiality
Privacy
Safety

Integrity
Security
Availability

We recognize that most organizations suffer from audit- and assessment-fatigue, so our approach is designed to be as lightweight as possible. We do this by coordinating and facilitating a series of rapid exercises that are augmented with well-designed instruments that we have developed over many engagements. Depending on the size of the organization, the number of locations, and availability of resources, we can typically complete the exercises in two-to-four weeks.

Privacy Overview

We use cookies and other tracking technologies to ensure that we give you the best experience on our website, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. More info

Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used:

Name	Provider	Purpose	Expiry	Type
_GRECAPTCHA	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	179 days	HTTP
rc::a	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent	HTML
rc::b	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
rc::c	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
__cfruid [x4]	info.atempo.com vstinc.com Zendesk	This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators.	Session	HTTP
__cfduid	vstinc.com	Used by the content network, Cloudflare, to identify trusted web traffic.	29 days	HTTP

Preferences Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos, live chats and your preferred language. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used:

Name	Provider	Purpose	Expiry	Type
loglevel	Wistia	Maintains settings and outputs when using the Developer Tools Console on current session.	Persistent	HTML

Statistics Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used:

Name	Provider	Purpose	Expiry	Type
seg	Appnexus	Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.	Session	Pixel
_ga [x2]	Giphy Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP
_gat [x2]	Giphy Google Tag Manager	Used by Google Analytics to throttle request rate	1 day	HTTP
_gid [x2]	Giphy Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP
collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session	Pixel
__hssc	Google Tag Manager	Identifies if the cookie data needs to be updated in the visitor's browser.	1 day	HTTP
__hssrc	Google Tag Manager	Used to recognise the visitor's browser upon reentry on the website.	Session	HTTP
__hstc	Google Tag Manager	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	1 year	HTTP
_ga_#	Google Tag Manager	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years	HTTP
hubspotutk	Google Tag Manager	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	1 year	HTTP

Marketing Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used:

Name	Provider	Purpose	Expiry	Type
anj	Appnexus	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.	3 months	HTTP
px	Appnexus	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.	Session	Pixel
uuid2	Appnexus	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.	3 months	HTTP
ga_clientId	Brighttalk	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Persistent	HTML
pagead/landing	Google	Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement.	Session	Pixel
tr	Facebook	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	Session	Pixel
ads/ga-audiences	Google	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.	Session	Pixel
i/jot	Twitter Inc.	Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.	Session	Pixel
_an_uid	Google Tag Manager	Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.	6 days	HTTP
_fbp	Google Tag Manager	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 months	HTTP
_gac_UA-#	Google	Stores information about ad campaigns from Google Adwords to show targeted ads to the visitor.	3 months	HTTP
_gcl_au	Google Tag Manager	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.	3 months	HTTP
_gcl_aw	Google Tag Manager	Used to measure the efficiency of the website’s advertisement efforts, by collecting data on the conversion rate of the website’s ads across multiple websites.	3 months	HTTP
_gd_session	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	1 day	HTTP
_gd_svisitor	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	2 years	HTTP
_gd_visitor	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	2 years	HTTP

Unclassified Cookies

These cookies are necessary to display content from social networks such as facebook, twitter, pinterest, etc. In such a way that you can share our content with your favorite social networks.

Cookies used:

Name	Provider	Purpose	Expiry	Type
_wchtbl_do_not_process	Google Tag Manager	Pending	1 day	HTTP
_wchtbl_pixel_sync	Google Tag Manager	Pending	1 day	HTTP
_wchtbl_sid	Google Tag Manager	Pending	Session	HTTP
_wchtbl_uid	Google Tag Manager	Pending	1 year	HTTP
dpm_time_site	Google Tag Manager	Pending	Session	HTTP
dpm_url_count	Google Tag Manager	Pending	Session	HTTP
hasLiveRampMatch	Google Tag Manager	Pending	Session	HTTP

Let's talk about your next big project.

Compliance Assessment & Readiness