ISO/NIST/SOC2 Readiness

‍

With our team of experienced ISO and NIST practitioners we help you prepare for new or recurring information security audits or attestations by assessing the status of your organization and reviewing your practices and documentation and by providing remediation advice and guidance. We will map your existing ISMS (information security management systems) again ISO standards, providing advice and guidance on remediation so that you are fully prepared for formal auditing.

‍

‍SOC2 (Service Organization Control) auditing is increasingly relevant to SaaS application providers and is required by some content owners. SOC2 is the standard for reporting on security, availability, processing integrity, confidentiality, and privacy controls at a service organization. Many customers of service organizations now require SOC2 reports prior to engaging in business with them.

‍

ConvergentDS is able to assist its M&E application customers with SOC2 preparation and remediation before undergoing SOC Type 1 and 2 audits by leveraging the security verification they have already undergone, for example, Cloud and Application security reviews, TPN security assessments, Web Application pen testing, Code reviews and privacy compliance. This is a logical step to avoid a duplication of effort and will save on cost.

‍

Managed Remediation

In an era of mounting cybersecurity threats, ConvergentDS offers a team of experts to address any breaches and contain the damage.

‍

Let us do what we do best so you can, too.

‍

With the everchanging cybersecurity threat landscape and dramatic increase in attack frequency, remediation of active threats and known vulnerabilities is more vital than ever. Vulnerability management firm Edgescan found that migration to working from home increased companies’ vulnerability windows by 40% in 2020. The Whitehouse Executive Order on Cybersecurity from May 2021 outlined the criticality not only of detecting vulnerabilities but of quickly remediating them, as well.

‍

ConvergentDS’s managed remediation services allow your organization to draw on our full breadth of experience for a fraction of the cost of hiring a team of full-time employees to manage your program. We offer deep industry experience in industries such as financial services, healthcare, media & entertainment, credit unions, and mortgage lending. That’s on top of technical experience spanning technologies such as Amazon AWS, Microsoft Azure, Google GCP, and traditional infrastructure solutions such as Palo Alto Networks, Microsoft Active Directory, Windows Server, and various Unix platforms.

‍

Virtual CISO

Today, the primary business of almost all companies is information. That information can range in importance, priority, and criticality, but any disruption to its availability can mean a costly hit to the bottom line. With cybercrime focused on disruption and legislators focused on compliance, companies face unprecedented operational challenges. They need the experience of veteran cybersecurity practitioners, but such executives’ limited availability makes them costly to retain.

‍

ConvergentDS’s Virtual/Fractional Chief Information Security Officer (vCISO) service gives organizations access to security professionals with extensive industry experience for a fraction of the cost of a full-time CISO. Our team of experienced practitioners will help craft your organization’s security strategy, all while reducing long-term costs and turnover risk.

‍

We focus on a variety of industries that span financial services, credit unions, healthcare, media & entertainment, mortgage lending, and more. We help in key cybersecurity program areas such as:

‍