Risk assessments are the cornerstone of an effective security program. They are also required by many regulatory compliance regimes and security frameworks. Without an accurate assessment of Information Security risk, your organization is running blind through a minefield of threats and vulnerabilities. Summit risk assessments can be general in nature, but most often support our clients’ compliance with a specific regulation or framework such as HIPAA, ISO 27001, NIST SP800-53, or PCI-DSS. Regardless of the focus, our assessment reports identify detailed Information Security risks coupled with remediation guidance and appropriate risk treatment recommendations, giving our clients an action plan for success.
With apologies to our dental clients, we must admit that the common opinion of policy and procedure creation is that it is about as desirable as a root canal. The good news is that, unlike visiting the dentist, you don’t have to go at it alone. Summit has helped many clients draft policies, standards, and procedural documentation that supports both security and compliance needs, and provides useful guidance for their workforce. We’re a bit odd because we enjoy this work, so give us a call and we’ll “sit in the chair” so you don’t have to.
Summit works with policies, standards, and processes across industries and leverages common nationally and internationally accepted frameworks and references such as ISO, NIST, & COBiT.
The impact of regulatory compliance cannot be overstated. We live in a nation of laws and many of those laws are aimed squarely at your bottom line. From state data breach laws to HIPAA to the Federal Trade Commission enforcing the Gramm-Leach-Bliley Act, there are significant monetary fines and penalties associated with noncompliance. Ignoring regulatory requirements is not a strategy for success. The team at Summit has decades of experience helping organizations successfully navigate the complex and often bewildering Information Security compliance landscape. Summit’s compliance engagements help clients satisfy requirements related to HIPAA, PCI-DSS, FERPA, SOX, GLBA, FINRA, SEC, FISMA, NERC CIP, CJIS, and others.
Our team also helps clients prepare for and pass ISO and SOC 2 Type 1 and Type 2 audits.
You may have a top-notch security program, but what about the vendors with whom your organization shares sensitive information? Third-party vendor risk is always an area of concern. Many data security regulations and frameworks require varying degrees of third-party vendor oversight and due diligence. Summit’s team of seasoned professionals supports clients in gaining a deeper understanding of the security risks associated with third-party vendor relationships.
The Summit team has decades of collective experience preparing for and successfully completing technology-related audits. Whether your organization is seeking a SOC 2 or ISO 27001 certification, or is working through a HIPAA, ISCA or other audit, let our team of experts help you with the heavy lifting. We have supported our clients in achieving these certifications and obtaining favorable audit outcomes, and we have a successful track record engaging with audit firms across the country. Our independence as an advisory firm allows our clients to maintain the required professional separation between our efforts and those of their auditor.
While preventing incidents is always the best course of action, even the best-laid plans … you know how it goes. When plans go awry, you need an incident response plan that will help you detect, respond to, contain, and recover from the incident and restore your organization to normal operations. Whether the incident is a malware outbreak, a denial of service attack, or a data breach, Summit’s team of experts has the expertise to craft a plan that is both operationally sound and actually useful during a time of crisis.
The team at Summit has years of experience teaching, lecturing, and communicating complex information security topics and concepts in an engaging and informative manner. Members of the Summit team have experience teaching undergrad and graduate level courses, presenting at national and regional conferences, and crafting tailored presentations for our clients. We realize that not everyone is as excited about security as we are, but we hope that our enthusiasm is contagious when we speak on the topic. If you would like us to speak at your event or meeting, please drop us a note.