Learn More

The Business Challenge

As technology becomes more advanced, regulations become more complicated. Failing to adhere can result in large fines and legal entanglements that damage your reputation and wreak havoc on your bottom line. Even with those looming threats, many organizations procrastinate compliance assessments. If they don’t have compliance experts on staff, businesses face an uphill battle, trying to achieve compliance while “learning on the job.”

How We Help

Compliance assessment is an opportunity for your organization to take stock of its IT infrastructure, increase operational efficiencies, tighten security, and reduce liability. Regulatory compliance is a complement to other governance, cybersecurity, and risk management activities that provide valuable insight to IT and business leaders.

We have expertise addressing a wide variety of government and industry regulations, as well as the globally accepted security frameworks.

How it works

  1. Executive-level consultants provide hands-on leadership to ensure every project is a success. Each engagement is led by senior-level consultants with 20 or more years of experience.
  2. Our consultants leverage their experience to maximize efficiency. You can expect a board-ready draft report within one week after our assessment is done.
  3. In our reports, we translate technical findings into business risks that all stakeholders, in and outside of IT, can understand and appreciate.

The Details

We have expertise addressing a wide variety of government and industry regulations, as well as the globally accepted security frameworks.


  • Children’s Internet Protection Act (CIPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Family Educational Rights and Privacy Act (FERPA)

Energy and Utilities

  • North American Electric Reliability Corporation (NERC) Standards

Financial Services and Insurance

  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Deposit Insurance Corporation (FDIC) Standards
  • Federal Financial Institutions Examination Council (FFIEC) IT Security Handbook
  • Red Flags Rule
  • National Association of Insurance Commissioners (NAIC) Model Audit Rule (MAR)
  • National Credit Union Administration (NCUA) Standards


  • Health Insurance Portability and Accountability Act (HIPAA)
  • HITRUST Common Security Framework (HITRUST CSF)
  • Red Flags Rule

Public Sector

  • Criminal Justice Information Systems (CJIS)
  • Federal Information Security Management Act (FISMA)
  • National Institute of Standards and Technology (NIST) Special Publications 800 Series

And More

  • Center for Internet Security (CIS) 20 Critical Security Controls
  • Control Objectives for Information Technology
  • International Standards Organization (ISO) 27000 Series
  • NIST Cybersecurity Framework
  • Payment Card Industry Data Security Standards (PCI DSS)
  • Software Licensing
  • Sarbanes-Oxley Act (SOX)

Related Services


Our Latest Success