1)  Governance – focus is on establishing governance frameworks to achieve, “you cannot manage what you don’t monitor.”

2)  Risk – focus is on establishing a sustainable and repeatable risk management program.  We provide manual and automated services to train organization staff on common risk management terminology, identify organization assets, areas of concern, threats, vulnerabilities, inherent risk and residual risk (after taking controls into consideration).   We also deliver executive summary and detailed risk assessment report with actionable items.

In addition, we perform services to assist organizations understand and document, in measurable terms, the IT System risks specific to governance and compliance regulations. Assessments answer the questions:

3)  IT Compliance – focus is on manual and automated attestation services performed to determine point-in-time conformance with formalized predefined requirements and standards. Requirements are typically driven by governmental, contractual or internal requirements. The primary deliverable is typically a written report stating an opinion on the state of compliance, details of deficiencies and remediation recommendations. Performance of outsourced IT Audit services and our Virtual Compliance Officer (VCO) are also included in this service offering.