Independent Security & Privacy
We provide Quality Control Determinations forPlay Video
credible, informed risk-based decisions.
Watch why a quality assessment is critical
Globally recognized cybersecurity certifications.
We aim to exceed customer expectations by specializing primarily with the NIST Risk Management Framework (RMF) Step 4: Assess Security Controls.
Get repeatable assessment methods and tailored recommendations from a certified information systems auditor (CISA).
Plan of Action and Milestones Report
Prioritize weaknesses according to your risk appetite and track remediation.
Ensure privacy compliance with the help of a certified information privacy professional (CIPP/G).
Policy and Procedures
Let us review the current existence, effectiveness and compliance of your policy and procedure set in the context of FISMA and SP 800-53 compliance.
How We Work
It's not a one size fits all assessment approach. We understand some environments are complex and we take that into account when developing an assessment plan, which requires approval before we begin.
Straightforward and unbiased assessments, avoiding convoluted or overly long phrases. Accurate and digestible security assessment reports (SAR) and plan of actions & milestone reports (POA&M) intended for senior management briefings.
Brief yet comprehensive assessment results. Ensuring all control requirements are addressed with information only applicable to that specific control. Succinct rationale for any other than satisfied (OTS)/failed controls.
Methods arriving to a determination always remain the same – examine, test and/or interview. Reviewing implementations but never copying and pasting. Interview notes are detailed with point of contact information and dates. Artifacts/evidence are never reused/outdated.
Responsive to all applicable National Institute of Standards and Technology (NIST) and agency requirements. Assessments are done as if your system was being selected for a deep dive audit. No shortcuts and results are always supported by evidence.