We begin by performing an assessment and determining the proper framework for your security program. Frameworks include NIST 800-53, NIST 800-171 rev2, NIST 800-171B, NIST Cybersecurity Framework, ISO 27002:2013, CERT RMM v1.2, CIS Critical Security Controls v7.1, and Secure Controls Framework (SCF).
The TouchstoneISP™ program puts a strong focus on risk and compliance. A single cyberattack or unforeseen disaster can destroy a business. We start by working with your senior management to identify the biggest risks to your business which are documented in the Risk Assessment. We then work with you to define a level of “acceptable risk” before selecting a Framework and developing an ISP Manual which details how your organization intends to mitigate risks to an acceptable level. Many companies regard this planning as wasted paperwork – it’s not.
During this phase we also perform a comprehensive compliance evaluation. Compliance is absolutely critical in today’s regulatory environment. The acronyms can feel completely overwhelming: GDPR, FINRA, HIPAA, PCI DSS, CCPA, NYDFS Cybersecurity Regulation, the list goes on. Our world-class team at Touchstone has experience helping small businesses to large enterprises meet compliance requirements in a cost-effective way without causing major interruptions to your business. We work to understand all applicable requirements that your business may need, then by selecting and following the best applicable Framework, we design a single approach that meets those requirements.