Our risk assessments are high-level reviews utilizing multiple frameworks including ISO 27000, NIST 800-30 and 800-53, HIPAA, PCI DSS, SOX, GLBA, NERC, and CFATs. We review your technology, controls, policies and procedures to identify risk and gaps.  Our audits are technical deep dives into the following: Information Security Program; data flow, applications, and systems; physical security; technology and design; security processes, controls, logging and monitoring; technical staff training; technical configurations; security operations; change control; backup disaster recovery; staffing; awareness training; and regulatory compliance.