Risks associated with cyber systems containing or controlling Critical Infrastructure, PII and ePHI are growing as regulations mount, hacking tactics evolve, and bad press meets social media. The Federal Government and the public demand protection of this information and these assets, and the regulations can carry civil, operational and financial penalties. Companies are also becoming keenly aware that compliance alone does not provide cybersecurity.

Many organizations are working to develop and support compliance cultures. To accomplish this, sustainable programs must be manageable, scalable, and transparent, with compliance tasks embedded in operational tasks. In return, leadership must be provided with timely and accurate information with which to make decisions: internal audit programs must measure, monitor and report the operational effectiveness of key controls.

Our team members have served in operational, management, and auditor roles and have deep experience in regulatory compliance and affairs, internal compliance program development, cybersecurity, and training development and delivery.

How We Help Clients


  • Program design and implementation (FERC, NERC CIP, HIPAA, HITRUST, AFRMR, ITGC, etc.)

  • Compliance assessments using recognized frameworks (NIST, ISO27K, NERC CIP, HITRUST CSF, COBIT, etc.)

  • Internal control design and implementation

  • Audit program design and implementation

Audit Preparation

  • Gap analysis and recommendations

  • Compliance package creation and review (e.g. RSAWs, narratives, cross references)

  • Mock audits

  • SME/witness training and coaching

Mitigation Activities

  • Root cause analysis and corrective action generation

  • Organizational change management

  • Process design for key IT functions including user, asset, patch and change management

  • Process design for GRC tool to measure, manage and report internal control effectiveness

