The Goal
Identify and remediate regulatory compliance gaps that may exist in technical design, security controls, policies, and documentation.
Our Method
Work with technical teams and management through in-depth reviews of current technologies, processes, policies, and team culture to identify control gaps and make technical recommendations on remediation tailored to the current resources, timeline, and organizational culture.
The Result
Urbane provides assessment reporting that includes:
- Detailed Findings and Observations
- Tailored Remediation Strategies
Scopes of Assessment
Covering a broad range of compliance standards, Urbane assists organizations in their preparation for compliance assessments or internal attestations through the following key services.
First Time Assessments
Preparing teams for their first time complying with a specific standard, Urbane leverages their historical experience and expert technical advice to provide actionable guidance on meeting the requirements. After a thorough review of the processes, technical implementation, and current documents, Urbane provides a tailored and prioritized remediation strategy with clearly defined implementation options to achieve both short and long term compliance.
Architecture Change Review
Validating the continuing compliance of an environment, Urbane assists teams in the design and implementation phases of significant environment changes to review and improve the security and compliance of the changes. Whether infrastructure or application specific, Urbane considers the technical impact of the changes, evaluates the compliance requirements, and determines if additional considerations are required to maintain the state of compliance.
Remediation Design
For groups looking for expert assistance in remediating compliance gaps, Urbane's design and implementation services provide assistance in achieving business requirements with compliance goals. Urbane provides coverage for security control implementation, policy requirements, scope reduction techniques, vulnerability management, and program design.
Compliance Program Management
Assisting both short and long term compliance programs, Urbane provides external assistance in the management of compliance programs. Ensuring that appropriate compliance activities are executed, managing the remediation of gaps, validating the remediation of vulnerabilities, and keeping business units appraised of changes to the standards provide the breadth and depth of coverage for the multiple standards required by the business needs of the organization.
Compliance Standards
Urbane excels in delivery with a diverse set of regulatory and compliance standards, including:
PCI DSS
The Payment Card Industry Data Security Standard focuses on the security of cardholder data through 12 key requirements and is required for both merchants and service providers handling cardholder data.HITRUST CSF
The HITRUST Common Security Framework (CSF) is a comprehensive, prescriptive, and certifiable framework that covers multiple domains of sensitive and regulated data.HIPAA
The Health insurance Portability and Accountability Act is a US law that covers the confidentiality and integrity of patient medical data, affecting those providing medical services.ISO 27001/27002/27017/27018
ISO's standards provide a globally recognized set of requirements for organizations and cloud providers' information security programs.SOC 2
The Service Organization Control 2 report by the American Institute of Certified Public Accountants provides review of the security and privacy controls of an organization.EU-US Privacy Shield
As a replacement for US-EU safe harbor, the EU-US Privacy Shield requirements govern protection and confidentiality of personally identifiable information of EU citizens by US companies.NIST SP 800
From the US Department of Commerce's National Institute of Standards and Technology, NIST SP 800 standards focus on information security and enterprise risk management.CSA STAR
As a relatively new standard, the Cloud Security Alliance's Security, Trust, & Assurance Registry provides a self assessment and third party assessment certification for security of cloud platforms.GLBA
The Gramm-Leach-Bliley Act of 1999, enforced by the US Federal Trade Commission, focuses on the security and integrity of consumer financial and personal information.FISMA
For service providers providing solutions to the public sector, the Federal Information Security Management Act provides requirements for systems hosting government information and services against threats.FEDRAMP
Managed by the US General Services Administration, the Federal Risk and Authorization Management Program provides a security assessment standard for cloud products and services.The Urbane Difference
Innovative. Sophisticated. Refined.
Urbane demonstrates our founding principles in every engagement through attention to the details, modern techniques, and strong union with our clients.
Request more information
Other Urbane Solutions That May Interest You
Network Penetration Testing
Focusing on the exposed services, networks, and configurations, network penetration testing (also known as Ethical Hacking) simulates an attacker attempting to gain access to a network and its services through a variety of methods.
Application Penetration Testing
The goal of application penetration tests are to analyze the logic and operation of exposed applications, as an attacker would, in attempt to access sensitive data, compromise a system, or bypass logic controls.
SDLC Security Integration
Deeply integrating into an organization’s development and project management teams, Urbane's SDLC security program adds security expertise into the various steps of the process to reduce cost and security risks.
Vendor Management
With many regulatory and compliance requirements mandating supplier due-diligence programs, many organizations do not have the staff or time to allocate to these efforts. Urbane’s knowledge and streamlined vendor assessment framework simplifies the process of annual on-site reviews and supplier due-diligence.