Risks associated with cyber systems containing or controlling Critical Infrastructure, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media. The Federal Government and public demand protection of this information and assets, and these regulations can carry civil, operational and financial penalties. And companies are becoming keenly aware that compliance does not alone provide cybersecurity.
Many organizations are working to develop and support compliance cultures. In order to accomplish this, sustainable programs must be manageable, scalable, and transparent where compliance tasks are embedded with operational tasks. In return, leadership must be provided with timely and accurate information with which to make decisions – internal audit programs must measure, monitor and report the operational effectiveness of key controls.
Our team has served as both managers and auditors, and has deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, training development and delivery.