Policy & Risk Management Design & Implementation

We understand regulatory requirements for policies and procedures, such as a WISP (written information security program). As noted by this acronym, you need more than a cybersecurity “policy”.

INARMA has developed an IT / Cybersecurity Policy Framework along with basic documents that meet SEC, FFIEC, other regulatory requirements. They will be tailored to your business after our professionals meet with your team to outline our recommended approach and obtain your input based on your risk tolerance. We provide support as you roll the policies out to your employees and vendors.

If requested, we will provide annual updates based on changes in your environment or regulatory requirements.

We can help you assess the security posture at your vendors, both before signing a contract, and after the ink is dry to ensure vendors continue compliance with contracts and regulations. Because our experts have worked for various types of service providers and auditing firms, in addition to in-house positions, we know the right questions to ask to address the risks that you are concerned about. While we focus on security and regulatory requirements, we help you ensure your business needs are being met by the vendor.

In addition, we make sure that appropriate internal business process and technology controls are in place to secure all data during transit and storage, no matter the location.

We can help your organization develop and implement technical control practices, whether you maintain systems in-house or have them outsourced. We recommend using the Center for Internet Security (CIS) Benchmarks for configuration of new IT assets, and the Open Web Application Security Project (OWASP) Secure Coding Practices for the development and testing of applications.

We can design and develop standards and procedures for securely building and implementing systems in your environment. We will help your teams

• understand the need for secure frameworks such as OWASP,

• document compliance during the SDLC and change management, and

• monitor for compliance.

We can provide support for both the development and implementation of Disaster Recovery / Business Continuity Plans (DRP/BCP) and Incident Response Plans. We build the plans based on an understanding of the "reasonably foreseeable" risks facing your organization from both your internal systems and third party service providers. We examine contractual commitments with providers and develop appropriate action plans to continue operations in the event of an adverse event.

We can help test your disaster recovery / incident management plans.

We have an expert team of computer forensic investigators available to respond to possible data or system breach. This team can help determine what happened, how to prevent similar future events, and support you during the insurance claim or legal process.