Establishing and maintaining a compliance program is a challenge for every organization. Every day anew rule or regulation is published, and by the time a company is up and running the landscape may have changed. Once organizations have achieved a certification, maintaining those controls can be equally challenging. Click on a service below to learn more about how we can improve your organization’s cybersecurity profile.
Every day a new rule or regulation is published, and by the time a company is up and running the landscape may have changed. Once organizations have achieved a certification, maintaining those controls can be equally challenging. We support clients with several standards and regulatory requirements including:
Our organization breaks these services into four primary areas:
ProCircular’s virtual Chief Information Security Officer (vCISO) service is a broad set of services to support a Client’s security and privacy program. ProCircular provides formality and organization of processes and practices to improve a Client’s security resilience. The principle purpose of vCISO is for ProCircular to assist in the overall security strategy, advice, and oversight for the Client.
This service is available as a yearly subscription and can help an organization make rapid improvements to their cybersecurity maturity. The vCISO categories are constructed to offer varying levels of service depending on the Client’s needs. The versions of the vCISO service are listed below:
We scan your repositories of information, whether database, infile systems or on the cloud, and help you to identify cyber, legal and regulatory risks. We work with you to classify the various types of data. At the end of the day your organization will understand their data, define its owners, determine the importance of the information, and reveal retention and regulatory requirements that may be necessary to safeguard and delimit its storage.
ProCircular’s voting process and device assessment provides a 360-degree view of the relative risks associated with current voting systems. Understanding and identifying risks associated with technical, human, and
procedural/governance behind the voting process will ensure that all information will be stored securely.
Through auditing and security testing, the integrity of each system can be solidified to maximize cybersecurity hardiness on election days and beyond. ProCircular works with your team to develop a plan for information security that enables all parties to be comfortable and confident in their ability to secure constituents’ personal information.
Two different phases are conducted in concert. The results are combined in an actionable report that allows you to prioritize improvements and protect your election.
Phase 1: Audit of Voting Device Inventory
1. Audit: An asset list of voting devices is audited to determine list accuracy. Device compliance will be determined through auditing internal controls. Protocol for onboarding and offboarding will also be reviewed to ensure that appropriate action takes place.
2. Interview: The engineering team will be interviewed to determine knowledge level of required security protocols.
3. Review: After a review of patch management, internal policies, vendor communication, and quality controls, ProCircular will prepare a report with in-depth assessment details. This report includes our key findings and provides recommendations to guide you through the cybersecurity process.
Phase 2: Voting Device Security Testing
1. Consult: Working with the voting device management team, IT support, and cybersecurity staff, ProCircular will establish the qualitative risk of each device.
2. Testing: Three (3) random devices will be selected for penetration testing and security analysis. Each device’s operating system risk will be determined by the device’s application and OS.
3. Evaluate: ProCircular will work with the auditor and election officials to review results, discuss classifications, and prioritize device risks. After this, a comprehensive report will be created outlining the remediation process, along with feedback to ensure successful election days in the future.
Our experts have a deep knowledge of a variety of the more pressing compliance and regulatory needs,and we’re able to help employees understand the expectations that these standards pose. A training course is typically three to five days onsite and can be tailored to a variety of audiences. ISO 27001, SOC2, PCI DSS, HIPAA, HITRUST, NISTEU and International Privacy, Privacy Shield, FISMA, GLBA, FERPA, COBIT, SSAE16 are all standards that we support both for audits and implementation.
This subscription based model ensures that once you organized yourcybersecurity efforts, you’re able to continue to protect your investment and adapt with the changingthreat landscape.
If these requirements aren’t met, insurance organizations may decide not to pay in the event of a breach, leaving the client with a significant bill. With this evaluation, we read through the policy with the client and establish both strengths and potential risks. After completing there mediation, a company can confidently purchase a cybersecurity policy knowing that they have a much higher likelihood of collecting in the event of a breach.