Governance, Risk & Compliance:
ISO 27001, SOC 2, NIST, PCI, HIPAA, NERC, NIA

Your Partner in Managing Information Risk!

Governance, Risk & Compliance
Risk Assessments and Risk Management

Presidio IRM’s experienced consultants help organizations develop and manage their risk framework based on industry best practices. Risk assessment and mitigation covers listing critical processes and assets, assessing threats and vulnerabilities, assessing risk at the operational, business and technology levels, selecting risk mitigation controls, and accepting residual risk.

We also develop a quantifiable risk monitoring and measurement matrix that enables management to make informed decisions on risk treatment and mitigation.

Independent Internal Audits

Information security audits are a set of periodic, proactive compliance and assurance reviews that help assess the information security control posture of your organization.

ISO 27001:2005 Consulting and Maintenance

Typically our work begins with a gap assessment and risk review using risk assessment tools, industry standard methodologies and our proprietary methods. We then highlight areas of noncompliance and work with stakeholders to design a clear road map to attaining ISO 27001 certification. We develop all required documentation, provide training and ongoing consultation to clients, and support them throughout the certification process.

Organizations that are already certified can outsource all ongoing certification management activities to us, giving them a cost-effective and efficient way of maintaining certification with minimal operational overhead on internal staff. We have a 100% success rate in our ISO 27001 consulting, with all clients, including MNCs, obtaining certification at the first attempt without any non-conformity.

Information Security Strategy Development

One size doesn’t fit all when dealing with information security strategies. Our experience in the field has shown that successful security strategies are custom tailored and aligned with the overall strategy of the organization. We shape and develop security strategies based on the organization’s overall strategy, its values and culture, and industry-specific factors.

PCI DSS Consulting

With an established legacy in information security and proven expertise in a wide variety of relevant service areas, Presidio IRM not only provides the strategic advice and solutions you require to achieve PCI DSS compliance, but, more importantly, helps you sustain PCI DSS compliance without putting stress on your business’s resources. We assist organizations with PCI DSS readiness, penetration testing, vulnerability assessment, incident response, training and compliance auditing services.

Business Continuity Planning and Disaster Recovery, BS25999, ISO 22301

A sound contingency strategy and tactical business continuity planning are essential for every organization. We work closely with you to develop customized business continuity solutions addressing your company’s specific needs and budget.

Presidio IRM has successfully completed BS25999 consulting assignments. We help organizations develop the BCP strategy, the BCP plan, the business impact analysis, the BCP test plan and the DR plan, and we conduct BCP training.

HIPAA, SOX, GLBA, NERC, FISMA Compliance

Information technology (IT) related operational and managerial controls form the backbone of all regulatory compliance requirements for data protection and information security. Our professionals can help you plan the integrated technology, process and control methodologies needed for various compliance efforts. We provide end-to-end solutions for achieving compliance with HIPAA, GLBA, SOX, NERC, FISMA, ADSIC and the EU Data Protection Act.

Regulations and standards covered: HIPAA, GLBA, SOX, NERC, FISMA, ADSIC, EU Data Protection Act.

Information Security Training Programs

Information security is the responsibility of every individual, not just the IT and administration departments. Internal threats to information assets are more likely than external threats. Regulatory requirements expect every individual associated with an organization to know their responsibilities towards information security. We design and conduct customized user awareness training programs for management, the IT team and end users.

Information Security Policy & Procedures

Presidio specializes in developing information security policies and procedures that address the business requirements of diverse operational environments. We have a unique approach to developing information security policies and procedures that typically starts with a gap assessment, followed by stakeholder interviews, user workshops, policy design and implementation assistance.