Cybersecurity Risk Assessments
Identify and evaluate the risks to which your systems might be exposed, and prioritize the security measures needed to protect your company against cyber threats.
Security Architecture Design
Create a comprehensive blueprint of your company’s cybersecurity defences in a way that integrates your hardware, software, and processes to protect against potential threats.
Incident Response Planning (IRP)
Respond more quickly and effectively to cybersecurity incidents, minimizing damage and reducing recovery time and costs.
Third Party (Vendor) Risk Management
Manage the risks associated with outsourcing some of your business processes to third-party vendors, and ensure that those partnerships don’t expose your company to unnecessary security vulnerabilities.
Business Continuity Planning (BCP)
Help ensure your company can maintain essential functions during and after major disruptions (like cyberattacks or natural disasters).
Security Program Policies Development
This involves creating policies that define a company’s security standards, protocols, and expectations to guide behaviour and help enforce security measures throughout the organization.
Disaster Recovery Planning (DRP)
Restore your IT infrastructure and operations following disruptive events, and expedite operational recovery to minimize downtime, data loss, and revenue loss.
Secure Software Development Lifecycle (SDLC) Documentation
Integrate security best practices into every phase of your Dev team’s SDLC, from planning and design to implementation and maintenance. Make sure security is baked into your products from day one, not merely ‘bolted on’.
IT Governance Framework Development
Develop a governance structure that aligns your IT strategy with business objectives, so that your IT systems operate within a set of defined rules and policies and support the business with cost-efficient practices.
Procedures & SOP Documentation
Create standard operating procedures (SOPs) and protocols. Achieve consistency and clarity in how tasks and processes are performed across the organization.
Risk Management Program Development
Develop strategies to identify, analyze, and manage risks across the organization, and mitigate potential impacts on the business.
IT Compliance Roadmap Creation
Develop a strategic plan that outlines the steps a company needs to take to meet specific IT compliance requirements and applicable laws and regulations.
Risk Assessment Reports
Document the plausible risks identified within your organization, evaluate the likelihood and impact of these risks, and recommend measures to mitigate them.
Executive Team & BoD Cyber Risk Report Development
Prepare comprehensive summary reports that are appropriately tailored for board members and executives to support strategic decision-making and risk management.
Change Management Controls Design
Design processes and procedures to manage changes in IT systems. Processes that are documented, measured, and well understood are the ones that can be repeated consistently.
Business Impact Analysis (BIA) Reporting
Assess the effects of disruptions on business processes and functions. Prioritize recovery strategies and investments to achieve operational resilience.
Privacy Impact Assessments (PIAs)
Evaluate how a project or system handles personal data and identify ways to mitigate any potential privacy risks.
Canada Privacy Compliance (e.g., PIPEDA, CASL)
If your business operates in Canada, at minimum you’ll want to make sure your data privacy practices satisfy PIPEDA requirements. Which other privacy laws apply will depend on your industry. We can help you figure that out.
Privacy by Design (PbD) Implementation
Integrate privacy at every stage of product development, ensuring that privacy considerations are embedded from the start and not just an afterthought.
United States Privacy Compliance (e.g., CCPA, HIPAA)
The United States’ privacy law landscape is a patchwork of state-level laws rather than a single, overarching federal framework (like Canada or the UK). Each state can have its own rules about how personal information should be handled. We can help you avoid those unwanted missteps and pitfalls.
GDPR Compliance Assessments
If your business operates in the EU or UK, confirm whether your company’s practices are aligned with the EU's General Data Protection Regulation (GDPR) and highlight areas that need adjustment to avoid penalties.
Data Minimization Strategies
Only collect and retain operationally necessary data, comply with applicable privacy laws, and reduce your business’s risk of a privacy breach.
Privacy Program Policies Development
Create a robust corpus of privacy policies that detail how your organization collects, uses, shares, and protects personal data, moving toward a compliant state with relevant laws and regulations while fostering trust with consumers.
Data Protection Officer (DPO) as a Service
If it doesn’t yet make sense for your company to hire a full-time Data Protection Officer (DPO), a fee-for-service DPO will help you navigate the tangled world of privacy laws and maintain compliance, without the need for a full-time internal appointment.
IS Internal Audit Program Charter
This document lays out why the audit is important, what powers auditors have, and what they are supposed to do. It also explains who is responsible for what, and how auditing fits into the bigger picture of company governance.
IS Internal Audit Execution Procedures
This is a step-by-step guide on how to carry out your system audits, covering everything from gathering data and analyzing it, to conducting interviews and tests.
IS Internal Audit Planning Procedures
These procedures outline how to organize audits, including assessing risks, deciding which parts of the business to focus on, and determining what resources are needed.
Reporting Procedures
These rules describe how best to present the findings that the audit produced, suggest improvements, and share these insights with management and other key stakeholders.
Evidence Collection Procedures
These guidelines help ensure that all evidence gathered during audits is handled carefully and kept safe, maintaining its integrity and confidentiality.
Stakeholder Engagement Guidelines
These strategies aim to keep stakeholders informed and involved during audits, helping to maintain transparency and earn their trust.
Change Management Audit Guidelines
This framework helps auditors check that changes in IT processes don't negatively impact system security or performance.
Conflict of Interest Policy & Guidelines
This policy sets rules to avoid conflicts of interest, helping to keep the audit process independent and unbiased.
Certified Information Privacy Manager (CIPM)
Focuses on teaching students how to manage privacy in an organization, and how to develop and run a privacy program that meets the legal requirements of the jurisdictions in which they operate.
Certified Information Privacy Professional - United States (CIPP/US)
Focuses on U.S. privacy laws and regulations, preparing professionals to handle privacy issues in accordance with American legal requirements.
Certified Information Privacy Technologist (CIPT)
Equips IT and other technical professionals with the knowledge to embed privacy into technology platforms and processes, integrating privacy practices within an organization's technical functions and teams.
Certified Information Privacy Professional - Europe (CIPP/E)
Provides an understanding of European privacy laws and regulations, helping professionals ensure their company complies with GDPR and other privacy standards across the European Union (EU).
Certified Information Security Manager (CISM)
Designed for those who manage, design, and oversee an organization’s information security, focusing on governance and risk management.
Certified Information Systems Auditor (CISA)
For those who audit, control, and ensure the security of information systems, verifying that systems are managed and protected properly.
Certified in Risk and Information Systems Control (CRISC)
Geared towards IT professionals who identify and manage risks through the development of information systems controls, helping organizations meet business challenges.
Privacy & Security 101 (Intro Training)
Provides a basic introduction to privacy and security, tailored to your organization's needs. It covers essential concepts and practices to help employees understand and comply with privacy and security standards.
Business Continuity & Disaster Recovery (BCDR) Policy
A policy to guide the continuation of business operations under adverse conditions. A required document for many security standards, including ISO 27001 and SOC 2.
Data Privacy Policies (Internal)
Policies to comply with GDPR, CCPA, and PIPEDA, including data handling, processing, and consent practices.
Information Security Policy
A high-level policy governing the approach to information security management within the organization. A required document for many security standards, including ISO 27001 and SOC 2.
Access Control Policy
Establishes what measures you're taking to appropriately govern employee access to your company's various information and systems.
Incident Response (IR) Policy
A policy that details how your company will respond in case of a security breach. Required across most security and privacy standards for effective incident management.
Asset Management Policy
Defines the systematic approach to acquiring, operating, maintaining, upgrading, and disposing of assets cost-effectively while managing risks and performance throughout their lifecycle.
Risk Management Policy
A crucial component of an organization's overall risk management strategy. It outlines the company's approach to identifying, assessing, managing, and monitoring risks.
Human Resources Security Policy
Outlines the procedures for managing the entire employee lifecycle, from recruitment to retirement. The policy seeks to ensure that operating risks related to personnel are optimally managed.
Physical & Environmental Security Policy
Establishes measures to protect facilities, equipment, and resources from physical threats and environmental hazards, ensuring operational continuity and safety.
Data Retention & Disposal Policy
This document stipulates the criteria to determine how long data should be retained and the procedures for securely disposing of data once it is no longer needed.
Operations Management & Comms Policy
Governs how business operations and IT systems are managed and communicated to ensure efficiency, security, and compliance.
Data Encryption Policy
Outlines the standards and practices for encrypting data to protect its confidentiality and integrity during storage and transmission.
Change Management (CM) Policy
Establishes the process for managing changes to IT systems and infrastructure to minimize risk and disruption, and achieve repeatable success by using standardized workflows.
Data Breach Notification Policy
Defines the procedures for notifying affected parties (e.g., clients, investors) and authorities (e.g., regulators, police) in the event of a data breach, in compliance with legal requirements.
Supplier (Vendor) Security Policy
Sets security requirements and controls for third-party service providers ("suppliers", or "vendors") to protect your company's data and systems.
Information Technology (IT) Policy
This policy details the expectations for using and managing the company's IT resources and systems. It sets standards for the proper deployment, operation, and maintenance of IT.
Acceptable Use Policy (AUP)
Describes the acceptable and prohibited uses of the organization’s IT resources by employees or users to ensure security and compliance.
Remote Work Policy
Provides guidelines and security measures for employees working remotely to maintain data security and productivity outside the office.