Compliance Professional Services

Verify your regulatory stance

Ensure Ongoing Compliance

It can be difficult to remain compliant with regulatory frameworks when your IT team is pushed to do so many other tasks. InterVision’s deep expertise in securing IT systems and knowledge of complex compliance frameworks, such as HIPAA, SOC 2, PCI, GDPR, NIST and so many others, enables us to assist clients in knowing what they need to remain protected.

[InterVision]’s best asset is their people. From project managers, to implementation specialists, to network guys, all have been top notch in their roles.

Get an Expert Perspective

Our compliance professional services team is staffed with some of InterVision’s most experienced personnel at the helm. Whatever compliance standard or regulatory requirements you need reviewed or supported, InterVision has decades of expertise in various compliance frameworks to provide your organization with key findings and recommendations.

Enhance Your IT Stance with These Professional Services

Our experts review all your IT systems and processes to address regulatory compliance needs.

With a close eye on your IT systems and knowledge of the evolving threat landscape, we help to identify and mitigate possible attack vectors.

Investigate areas of vulnerability within your IT systems to shore them up before a breach.

We will provide recommendations to improve your internal governance to accommodate the latest in threat management.

We provide all clients with certificates following our audits of their systems, which can be shared with stakeholders.

Leverage a Comprehensive Approach

InterVision provides strategic and tactical guidance on achieving regulatory compliance effectively and efficiently for your organization. We review your IT systems for design adequacy, strength of controls, and evaluation of alignment with internal policies of governance, risk and compliance. Then we give recommendations on remediation and offer support where needed in meeting these goals.

InterVision’s Compliance Professional Services

Strategic Advisory Services

Security Strategy Roadmap & Planning: Development and planning for security and governance, risk, and compliance strategy and direction leveraging industry best practices and standards to create, and design strategy documentation and deliverables tailored to client’s business practices. Inclusion of workshops with key stakeholders to accelerate the consolidation, alignment, and deployment of future strategy.
Organizational Policy & Procedure Alignment: Review and assessment of client implemented policies, standards, and procedures against industry best practices and client organizational requirements. Provision of gap analysis of policy statements and discovered downstream operational procedures to support enforceable policies, including tailoring of revisions and additions to policies to meet ongoing needs.

Assessment and Support Professional Services

Control Framework Assessment: Assessment of organizational controls and practices as designed in operational procedures and functions against specified frameworks (e.g. ISO 27001, NIST 800-53 / CORE, COBIT, ITIL, CIS CSC, etc.). Review of specific design adequacy to meet framework requirements and controls and evaluation of alignment with client policies of governance, risk and compliance.
Regulatory Review and Consulting: Analysis of specific regulatory requirements impacting client concerns and consulting on implications to client organizational functions, inclusive of risk-driven decision analysis and planning on how to best meet and overcome challenges presented by evolving regulatory issues. Provides strategic and tactical guidance on achieving regulatory compliance effectively and efficiently for the clients’ organization.
Readiness Assessment & Gap Analysis: Preparatory assessment and guidance for clients wishing to attest, certify or otherwise meet formal requirements and control sets necessary for their business to succeed. Includes analysis of as-implemented controls and operations to determine effectiveness, maturity, and overall sufficiency, as well as providing gap analysis to drive recommendations for remediation.
Remediation Consultation: Targeted and tailored remediation advice to assist clients in addressing specific encountered issues, gaps, and risks identified. Hands-on and tactical planning and execution support for key initiatives to resolve high value findings and critical concerns facing client’s business.

Program Review and Development

Security Program Management: Consulting to improve and mature a client’s security program, management and oversight, including supporting program elements across administrative, technical, and physical security considerations and controls, the design process, execution, and the holistic integrated perspective for effective security posture. Provided analysis and development support overlay on comprehensive program framework that constitutes effective security program execution.
Incident Management & Response: Supported development and implementation of incident management practices, program documentation and deliverables tailored to client’s business, assets, and risks evaluated as critical for client operations. Guidance to drive incident classification, resources, response, notification, oversight standards.
Threat & Vulnerability Management: Engaged review and program development for threat and vulnerability management practices across client security operations, tools, and capabilities in place. Addresses client means for asset identification and classification, threat assessment, risk thresholding parameters, vulnerability management systems and procedures, and remediation avenues.
Risk Management: Assessment and advisory services for client risk management programs and application of industry best practice frameworks suited to client organization. Tailored to review, design, and implement systematic approaches leveraging enterprise risk management, risk governance, identification and classification, assessment and impact evaluation, risk tolerance and treatment mechanisms.
Business Continuity and Disaster Recovery Programs: Program development for business continuity and supporting tactical disaster recovery, inclusive of understanding client critical assets, operations, support, systems, applications, personnel, and effects on ongoing delivery through applied business impact analysis (BIA). Assessment, advisory, and recommendations of recovery time objectives and tolerances to establish predictable business continuity planning and recovery mechanisms.
Privacy Program: Guidance and development of privacy practices and program to meet employee, client, and third-party privacy requirements around personal information and data stored, accessed, collected, or otherwise processed by the client’s organization. Address critical regulatory controls around processing directives, control responsibilities, data protection, data transfer and portability, and breach requirements.
Security Awareness Training: Review of current security awareness posture throughout client organization and staffing, providing insight into the critical personnel weaknesses that may exist with improperly trained and advised employees, management, and executives that may result in data loss, system compromises, and breach. Includes consulting to assist the client in design, revision, acceptance, and implementation of security training program objectives, tools, materials, and reporting and oversight measures to provide assurance of internal and external requirements.
Third Party & Vendor Risk Management: Analysis of a client’s third-party and vendor practices for the ongoing management effectiveness of their relationships, suppliers, and operational assistance against industry standards. Provide guidance and development of a comprehensive vendor management program and its components supporting the vendor lifecycle, onboarding, classification, risk assessment, vendor security practices and information handling, and alignment with client business and subcontractor obligations.
Data Governance & Classification: Assessment, analysis, design, and implementation support for a client’s data and information classification and governance objectives, including review of current practices and requirements. Analysis of critical information assets and sources maintained by the company, risks and impacts of disclosure or mishandling to drive classification levels, and review and development support of protection measures, controls, and practices to restrict access to appropriate parties and establish safeguards for information confidentiality.
Mobile Device Management & BYOD: Review and analysis of client practices supporting mobile device strategy for access to client company’s resources, information, and other assets, whether driven through corporate-owned and provisioned mobile assets or bring-your-own-device (BYOD) initiatives. Assessment of effectiveness and provided guidance for refinement and development of practices and controls to programmatically secure mobile devices in use by the client’s workforce, and address the challenges and risks present with data access from mobile avenues.
Workforce Practices: Program review and development of security practices for client’s workforce management and related controls to assure conduct, access & privileges, and corporate lifecycle of employees, staff, and contracted resources appropriately meet internal and external requirements and best practices. Analysis and guidance to refine personnel classification, responsibility and capability determination supporting mechanisms such as role-based access control, staff onboarding and background check best practices, and administrative insider threat management.
Asset Control & Change Management: Consulting for client practices on inventory and asset control to be sure support of security requirements and foundational mechanisms of risk management. Includes review and guidance to develop and mature a comprehensive asset control system, including asset lifecycle management practices, change control processes, and configuration assurance to maintain secure baselines and transparency of assets deployed on the network and in the client environment.

Supported Compliance Professional Services Frameworks

· DoD SRG

· FedRAMP

· FIPS

· ISO 9001

· ISO 27001

· ISO 27017

· ISO 27018

· PCI DSS Level 1

· SEC Rule 17-a-4(f)

· SOC 1

· SOC 2

· SOC 3

· CISPE

· EU Model Clauses

· FERPA

· GLBA

· HIPAA/HiTech

· IRS 1075

· ITAR

U.K. DPA – 1988

· Federal Information Processing Standard (FIPS) 140-2

· Family Educational Rights and Privacy Act (FERPA)

· VPAT / Section 508

· EU Data Protection Directive

· Spanish DPA Authorization

· CIS

· CJIS

· CSA

· EU-US Privacy Shield

· FISC

· FISMA

· GxP (FDA CFR 21 Part 11)

· ICREA

· MITA 3.0

· MPAA

· PHR

· Uptime Institute Tiers

· UK Cloud Security Principles

· Service Organization Controls (SOC)

· 1/American Institute of Certified

Public Accountants (AICPA): AT 801 (formerly Statement on Standards for Attestation Engagements [SSAE] No. 16)/International Standard on Assurance Engagements (ISAE) 3402 (formerly Statement on Auditing Standards [SAS] No. 70)

· SOC 2

· SOC 3

· Payment Card Industry Data Security Standard (PCI DSS)

· ISO 27017

· ISO 27018

· ISO 9001

· Department of Defense (DoD) Security Requirements Guide (SRG) security impact levels 2 and 4

· Federal Information Security Management Act (FISMA)

· US Health Insurance Portability and Accountability Act (HIPAA)

· FBI Criminal Justice Information Services (CJIS)

· National Institute of Standards and Technology (NIST) 800-171

· International Traffic in Arms Regulations (ITAR)

· EU General Data Protection Regulation (GDPR

[InterVision] has been an easy vendor to work with and has the technical skills to supplement our internal staff.

Speak with an Expert

Ready to solve for your compliance needs? Speak with one of our experts to learn more about our compliance professional services.