Our unique approach is to work with organizations to understand their business mission and how cybersecurity intersects with that mission through people, process and technology. Our vantage point is inside out: we help create the culture and governance structure so that, from the front desk receptionist to the Executive Board, cybersecurity becomes an asset, not a liability. We embrace the importance of being proactive and implementing processes and training to mitigate cyber business risks.
Only 28 percent of respondents said corporate policies closely monitor their use of cloud apps for mission-critical data, and just 60 percent of employees are aware of company policy regarding corporate data theft.
Source: COSO ERM, Internal Auditors Association
Stay Ahead of the Curve
Covenant will define, develop, perform and manage your organization’s audit and compliance requirements. Examples:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- National Institute of Standards and Technology Special Publication (NIST SP 800 Series) Risk Management Framework
- Sarbanes-Oxley Act (SOX)
The Human Effect
Covenant invests considerable resources testing the non-technical factors of your enterprise, since they are truly the most vulnerable.
- We develop procedures and training based on nationally and internationally recognized security standards, such as those of the National Institute of Standards and Technology (NIST) and/or the International Organization for Standardization (ISO).
- Covenant evaluates your staff members’ understanding of your policies and procedures for cybersecurity compliance.
- In addition, the data gained from these activities enables your organization to review your agreements, memorandums of understanding and other important contracts to ensure your vendors, clients and internal personnel are accountable for information protection.
Test. Adapt. Repeat.
Covenant provides an electronic copy of our test procedures, so your personnel can continue validating system security and modifying the procedures as often as needed when major system and/or business changes occur.
For government clients, this documentation is required for the System Authorization processes—which can impact agency funding as noted under the Federal Information Security Management Act (FISMA).