
Compliance and Certification

First Row's Compliance and Certification Service leads your organization's initial compliance and certification project for the following Security and Privacy frameworks: SOC 2 (Type 1 and 2), ISO 27001, GDPR, HIPAA, HITRUST, NIST AI RMF, ISO 42001, CMMC (Levels 1-3), CJIS, NIS2, DORA, CPS 234, EU AI Act, Essential Eight, Cyber Essentials, PCI-DSS, COPPA, CCPA, CPRA, FedRAMP (NIST 800-53 Rev 5), and GovRAMP (prev. StateRAMP).

This Service includes initiating a Gap Assessment to compare your organization's current capabilities with the required future state, collecting quotes with timelines from Third Party Assessors (Auditors), collecting quotes and schedules from PenTesters (if necessary), and maintaining a detailed Project Plan that tracks the progress of the entire compliance/certification project.

The use of a GRC platform (e.g. Vanta, Drata, Secureframe) is highly recommended; we'll walk you through the steps to select the right platform and run it for you as part of the Compliance and Certification Service, as well as the vCISO Service.

Compliance and Certification Service Responsibilities

Responsibility Matrix

All Services come with a subscription level defined Responsibility Matrix to document responsibilities of First Row, the business, and joint-responsibilities. The Compliance and Certification Responsibility Matrix is standard, but can be adjusted on a case-by-case basis to satisfy the business needs as part of the Custom-Designed Service option.
