Small and Medium Business Compliance Readiness
2021-06-24T12:36:06+00:00

Compliance Readiness for Small and Medium Businesses

Compliance readiness, implementation of processes, and documenting relevant procedures can be critical to the success of every small and medium-size business. Regulations and fines for not meeting security requirements are growing, and no business can afford hefty penalties or closing its doors for any period of time because of a failed audit. Our team is highly trained to evaluate your startup's readiness to adapt and respond to new regulations and to communicate them successfully across all your teams (CTO, DevOps, Founders). At the same time, we intend to highlight information security and operational security best practices whether you are at the beginning of your compliance journey or well ahead. Our goal is to assist you in running an information security management system (ISMS) according to ISO 27001/ISO 27002 and in aligning with other compliance requirements such as GLBA, FINRA, SOX, GDPR as well as SOC1 and SOC2. This includes defining and writing procedures and best practices, and helping with the implementation of the organizational and technical controls mandated by ISO 27002 or the NIST 800 series. We provide a fully tailored service according to your threat model, risk profile, and specific organizational issues.

Web application security and the development of information security practices inside an organization is a continuous and never-ending project. Pricing is developed as a plan where the client has access to PreCog Security’s engineers and staff of advisors, testers, reviewers, and implementers.

SMB Questionnaire

1 / 10

Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business continuity, incident response, physical security, etc.

2 / 10

Is there a person or IT team primarily responsible for managing security initiatives within your organization?

3 / 10

Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

4 / 10

Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

5 / 10

Do you have ongoing security training (security awareness, email phishing, etc.) specific to the employees' responsibilities?

6 / 10

Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc.)?

7 / 10

Are you performing regular inventory of all IT assets (hardware and software)?

8 / 10

Do you manage the security and access restrictions of your wireless networks?

9 / 10

Are you employing anti-malware and other security controls such as firewall, data loss prevention, intrusion detection/prevention systems across your environment?

10 / 10

Are you compliance ready - do you have documentation and processes in place for the audit?