Cybersecurity Managed Compliance Services
Managed Audit, Risk, and Compliance
Finding and retaining enough high-quality cybersecurity talent to effectively build and manage your security and compliance program can be challenging, and is often cost prohibitive. With TRUE's certified professionals assisting your team with GRC services, you will have dedicated, expert support. Since we work as part of your team, you save time and money on hiring security talent.
CyberSecurity Managed Compliance Services Delivered by TRUE Security Experts
Fixed Firm Compliance & Security/Privacy goals defined and uploaded, existing internal controls captured (including executions and audits/reviews), and risks associated with weak or missing controls and newly identified threats captured, along with potential projects for mitigating these risks.
Ongoing customization and configuration per client requests. This would include any work outside of the onboarding process, other engagements included in this matrix, etc. This does NOT include the addition of any requested compliance policies.
Single mock audit engagement for a single compliance or security framework (SSAE18/SOC 2, or similar). This service will be performed by a TRUE consultant NOT assigned to the client contract in an attempt to retain independence and objectivity.
Manage the risk management program. TRUE is capable of gathering risk information from the ongoing GRC program, including identification of new risks and risk responses determined by appropriate risk owners, and coordinating the effort. "Audit Readiness" - TRUE consultants will assist in translating your security and privacy gaps into actionable projects on a continual basis. Frameworks include (but are not limited to) SSAE 18/SOC 2 (Type 1 & Type 2), ISO 27001, NIST Cybersecurity Framework, NIST Privacy Framework and ISA/IEC 62443.
Manage information security policy, procedures and standards. While TRUE cannot assume the role of policy owner, we can draft policies, align them with an agreed-upon framework, and maintain these documents, including annual (or more frequent, as required by organizational changes) review and recommended revisions to policy owners.
Perform the monthly, quarterly, bi-annual and annual audits or "validations" on behalf of the client. Service includes artifact/evidence evaluation as well as discussions with control owners. Deficiencies will be captured in TrueSpeed and reported to security and organizational leadership as preferred by client.
TRUE security professionals are available to assist in audit responses including on-site interviews. Utilizing evidence generated in the TrueSpeed GRC application, we will work with client staff to provide appropriate responses to external auditors.
Prepare responses for 3rd party requestors on the state of the client's information security program. This includes supplying copies of any SOC2 reports (note: SOC2 audit is not included), or responding to 3rd party risk assessments, 3rd party questionnaires, etc.
Coordinate and chair the information security committee. Includes quarterly meetings as well as regular updates on critical items identified between meetings (criteria set by organizational leadership).
Director of Risk Advisory Services
The Risk Advisory Services team provides a broad range of services with a focus on Audit, Risk, and Compliance initiatives, including Information Security Risk assessments, Information Security Program Development, Virtual CISO, compliance readiness (e.g., PCI DSS, HIPAA, FFIEC, NERC CIP, CUI, etc.) and more.
Tim has served on the Moore Norman Technology Center (MNTC) technology education advisory committee, the Oklahoma City Community College (OCCC) Computer Science Advisory Board, the SANS higher education advisory board, the SANS Global Information Assurance certification (GIAC) advisory board and the Board of Governors for the Institute of Internal Auditors Oklahoma City Chapter. As a contributor to the Oklahoma Information Technology Mentorship Program (OITMP), Tim has spoken to college students across the state of Oklahoma on the value of a life in information security.
TrueGRC Program with the TrueSpeed Platform
TRUE's managed GRC program – TrueGRC with TrueSpeed – will help you identify what you are currently doing to protect your information, assess its effectiveness against industry standards, inform you of your current risk, and provide you not only with customized priorities for moving your company toward an improved security posture, but give you dedicated, expert support and a centralized security and compliance management platform.
"TRUE helped us conduct business in a highly regulated and litigated environment in a way that goes beyond 'check the box', to explore the TRUE meaning behind security that becomes part of organizational ethos."
Josh Teitsort, General Counsel, Verinovum
You'll get a prioritized dashboard view of your risk management needs, a custom security roadmap to address unique risks, expert support to help you execute, streamlined compliance documentation, and real-time reporting to evolve your security program.
Program Highlights and Benefits
- Holistic view of your company's information security program in a single pane of glass
- Custom security roadmap with key objectives
- Management Dashboard with custom views
- Real-time audit documentation and boardroom-friendly reporting
- Track multiple compliance requirements simultaneously with easy-access evidence for auditors
- Centralize documentation to simplify client & partner security questionnaires
- Gain real-time Risk Score & Risk Funnel
- Manage your vendors centrally with online assessments
- Leverage combined decades of expertise across dozens of frameworks
Gain Visibility with the TrueSpeed GRC Management Dashboard
- See your aggregated compliance scores in real time.
- Click into each framework color to see tasks, task owners, and individual progress for simplified project management visibility.
- The TrueSpeed Risk Funnel allows you to quickly view a snapshot of your most pressing risks.
- Click into each section to see which risks are actively being mitigated, and what mitigation projects your team has in the queue.
- The TrueSpeed Project Summary saves your team valuable time normally spent updating stakeholders on project status.
- Quickly see where each security and compliance project, and its owner, is in the process of completing planned tasks.
- Map GRC Services to Compliance Requirements.
TrueSpeed Security Schedule Tool helps you manage more, faster.
TrueSpeed Security Schedule helps you:
- Keep track of upcoming versus completed yearly and monthly projects with the TrueSpeed Security Schedule.
- Keep your project management calendar organized by priority, so everyone on your team has visibility into what’s coming up next, and why.
- Quickly view and provide boardroom-friendly reporting for year-over-year progress in your security program.
- As task owners complete their projects and upload evidence, your Security Schedule will be automatically updated.
Stop wasting time updating spreadsheets. Manage projects with the TrueSpeed Security Schedule, so you can spend your time where it counts – on execution.
Get Started with True Digital Security
Start protecting your organization's data and build cybersecurity preparedness.
Whether you need help meeting compliance, immediate remediation of an incident, or a secure cloud migration, we're here to help.