Policies & Procedures
Business Continuity, Incident Response, and Resiliency

We create and review policies and procedures focused on information security. Business Continuity, Disaster Recovery, and Incident Response are key elements. Policies and procedures, together with evidence that they are actually implemented, carry significant weight from a regulatory perspective: regulators routinely review them during examinations, and the SEC's published examination observations have highlighted a lack of thoroughly thought-out plans. We use a hands-on, client-focused approach to create new policies from scratch and to review existing ones, making sure they reflect the organization's own standards and meet the latest regulatory requirements.

Vendor Due Diligence

As most companies now keep a great deal of data in the cloud, security risks at third-party vendors are just as important as the organization's own. Regulators recognize this and continue to focus on it during examinations. The due diligence review process provides assurance that a vendor or prospective vendor is stable and has both a reputation and practices that indicate it is secure. On multiple occasions, when a vulnerability was discovered in a cloud provider's website, our team worked with the provider's technical staff to give them the detail needed to remediate it. Our vendor due diligence process produces easy-to-review reports that meet regulatory requirements.

Risk Assessment

Risk assessments evaluate a company's risk to its reputation, assets, people, privacy, integrity of systems, and data. We review general security and IT risk and examine existing remediation and mitigation measures. A detailed, systematic methodology and scoring system are applied so that findings can be compared and prioritized. Our remediation suggestions can serve as a first step in budgeting, scheduling, and understanding the changes needed to improve the security of our clients' infrastructure and environment. We also verify that clients comply with the latest regulatory requirements.

Cybersecurity Training

It is often the non-malicious, uninformed employee who poses the greatest threat to information security. Attackers take advantage of well-meaning employees, using a range of techniques to turn them into victims. When employees attend regular training and understand the threat vectors they face, they are better equipped to stay ahead of attackers. Cobaltix Compliance offers Cybersecurity Awareness Training onsite or via web conference.

Vulnerability Assessment

We perform vulnerability assessments on external networks, internal networks, and company websites to determine what vulnerabilities are present in networks, systems, hardware, and related components. This multi-step process is designed to be carried out in an unobtrusive manner by an experienced security engineer, so that production systems are not disrupted. Our final report includes a detailed technical breakdown for IT staff as well as a brief executive-level summary with recommendations for remediation.