GSD
GSDCompanies struggle with ongoing operational, cybersecurity, and regulatory compliance responsibilities. Recruiting, training, and retaining quality talent is difficult, but it can be even harder to find qualified and dependable consultants to ease the burden from:
- Having more projects or tasks than time or resources to manage
- Ever growing task lists that don’t seem to end
- Preparation activities for upcoming audits and reviews
ITEGRITI can help in many capacities, including:
- Dedicated resources to complete projects and task list items
- Asset inventory and site walkdowns
- CIP audit and SME preparation
- CIP program and compliance assessments
- Exercise design and facilitation
- Independent, external assessments
- Internal audit program design
- Management and oversight of “Shadow IT”, outsourced Cloud applications
- NIST CSF Security Assessments
- Organizational change management and training
- Process improvement and procedure writing
- Supply chain management: policy and supplier assessments
- TSA SD02 program development and assessment
- Vulnerability Assessments
Why ITEGRITI?
Experience > Process > Results
The ITEGRITI leadership team is involved in every project, including initial project advisory, scoping, and organization, and later through direct assignment or oversight roles. Our experience includes:
- Experience in mandatory Critical Infrastructure IT and OT cybersecurity and compliance since 2008
- Management, oversight, or service on over 300 projects in cybersecurity, compliance, and audit
- Planning and management of large, complex projects throughout the U.S. & Canada supporting Critical Infrastructure across electric, oil & gas, healthcare, financial services, and transportation sectors
- Management, oversight, or service on over 300 projects in cybersecurity, compliance, and audit
- Multiple framework & methodologies:
- NERC CIP, NIST SD2, ISO27k, NIST (RMF, CSF, 800-37, 800-53, 800-171, NISTIR-7628), NRC 5.71, NEI 08-09, AFRMR, and COBIT
- Certified cybersecurity & compliance professionals:
- CAP, C|CISO, CCNP-S, CDPSE, C|EH, CISA, CISM, CISSP, CRISC, FITSP-M, GCIP, HIPAA CHP, HITRUST CCSFP, MCSE, PMP, SABSA SCF, SASE
ITEGRITI designs an approach that follows the Plan, Do, Check, Adjust model. Our delivery team has access to tools and templates that can manage team workflow, provide consistency in deliverables, and generate timely & accurate reporting. Our tools include:
- A database that manages data requests, workflows, reviews, and disposition with reports that dynamically provide Data Request status.
- Surveys and self-assessments that are accessible from computers, tablets and cell phones.
- An available SFTP site for the sharing of sensitive information.
Case Study
An ITEGRITI client had a growing list of cybersecurity, compliance, process improvement, training and organizational change management concerns but lacked internal resources for timely completion of tasks. We reviewed the list with our client, identified dependencies and critical path, anticipated level of effort, and organizational priority. They contracted our team to lead and help complete priority items on their task list, working both independently and in collaboration with their employees, vendors, and other contractors. ITEGRITI managed efforts in an Agile fashion and by working together our client was able to meet internal and external deadlines.
We have now completed over a dozen projects projects for this client supporting NERC corporate compliance, IT compliance, CIP program management, enterprise applications, generation, transmission, renewables, critical infrastructure operations, cybersecurity, telecommunications, and physical security.
RESULTS DRIVEN
“Michael and the ITEGRITI team has partnered with us to advance and mature our cyber security capabilities across the technology that operates our critical energy infrastructure, in the midst of an evolving regulatory environment and threat landscape. ITEGRITI seamlessly integrated into our team, providing valuable industry expertise and practical solutions to imbed these new capabilities into the way we work at Duke Energy. Fantastic insights, tangible results. Thank you for the partnership!”
Brian Savoy
SVP, Business Transformation & Technology
Duke Energy Corporation
