SWALSH, LLC
To bridge the gap between current security controls and those required for industry compliance and certifications, Swalsh, LLC provides our customers high quality services personalized for their unique needs, including:
Policy Definition and Documentation
Many companies have the best of intentions in considering security as they build their business, but finding the time to document and communicate policy decisions and security best practices is not always practical. Defining, documenting and implementing the policies that meet both compliance requirements as well as your unique business needs is the cornerstone to a successful Security and Privacy program. Let us help you understand and document what's necessary in order to comply with the requirements applicable to your environment and business practices.
On-Going Security Program Management
Once policies and procedures are defined, on-going governance of those policies can slip through the cracks only to cause problems during an audit. Our staff can help you ensure daily, weekly, monthly, annual and ad-hoc tasks are performed on time, documented, and produce the expected results to ensure a smooth audit.
Gap Analysis
Prior to any audit, it’s crucial to understand to what extent your business complies with the standards to which your business is required. Our team can help you identify gaps, document compensating controls as well as prioritize and manage the projects that should be completed prior to an audit.
On-Site Auditor Management
The auditing process can be time-consuming and frustrating, creating repeated interruptions for your team that reduce their productivity. Auditors require detailed information that is sometimes repetitive, difficult to understand or produce. Our experience working with auditors specifically in the context of information security and privacy related reviews equips us with the ability to buffer your teams from unnecessary interruptions while providing auditors with the evidence they require.
SPECIALIZATIONS
Our staff is CISSP certified, with experience in successful projects related to the following:
Third Party Audits
- SOC1, SOC2 Type 1, SOC2 Type2, SOC3
- PCI-DSS
- HIPAA & HITECH
- FISMA/FedRAMP
- GAPP
- ISO/IEC 27001
Corporate Privacy and Security Programs
- Risk Assessments, including policy and procedures definition, execution, report and presentation to stakeholders
- Information Security policy and procedures definition
- Privacy policy and procedures definition
- Security and Privacy Program Management
- Employee Security & Privacy Awareness Programs and Employee Education
- Business Continuity and Disaster Recovery policy and procedure definition, training, and testing
Customer and Specialized Audits
- Preparation and Guidance Through Security & Privacy Audits by Financial Institutions (JP Morgan Chase, American Express, etc.)
- Preparation and Guidance Through Security & Privacy Audit Firms (KPMG, Grant Thornton, A-Lign CPA, etc.)
Our Services Bridge the Gap Between Your
Existing Security Programs and Industry Compliance
Security & Privacy Compliance Management
