TRUE GRC (Governance, Risk, and Compliance)
TRUE GRC is a subscription-based program providing organizations with an ongoing and cost-effective governance, risk management, and compliance (GRC) framework and guidance for achieving and maintaining a holistic Information Security Program. The annual consulting service is designed around the concept that information security is not a project that is ever complete, but rather a business function that evolves and requires regular maintenance and review.
With TRUE GRC you...
- Gain an extension of your team, TRUE's Virtual CISO
- Gain a proven, audit-ready security program
- Avoid the common pitfalls of building a security program
- Learn how to run a highly effective security program
- Leverage TRUE's 14 years of experience developing security programs
TRUE will work with your staff to review existing information security policy, control, and procedure documentation, identify deficiencies, and develop Information Security Program Documents tailored to your organization. TRUE will work with your organization to develop the following documentation:
- Information Security Program Roadmap
- Third-Party GRC Attestation Letter
- Full Set of Policies and Procedures including Incident Response Plan and Disaster Recovery Plan
- Controls Catalog
- Information Security Governance Committee (ISGC) Charter
Throughout the TRUE GRC experience, your key personnel will be trained on how to implement the TRUE GRC framework within the organization, while identifying and collecting evidence documents as each activity is completed. The following consulting services are available through the TRUE GRC service:
- Monthly Information Security Governance Committee (ISGC) Meeting Facilitation
- Annual NIST-Based Risk Self-Assessment Facilitation
- Annual Third-Party Management Review Facilitation
- Quarterly External Vulnerability Scanning
- Annual Information Security Awareness Training
- Quarterly Information Security Awareness Bulletin Creation
- Evidence Archiving and Management
Having a strong security program foundation helps organizations become self-reliant and take a proactive approach to security strategy. Without a strong foundation, your organization is more likely to be reactive, resulting in unplanned expenses and failing to align with organizational goals.
Watch our "Building a Highly Effective Information Security Program" Webinar On-Demand now!