IT GOVERNANCE & COMPLIANCE SERVICES

Every company should start with a comprehensive and robust governance program. Our specialists work with clients to understand their business and technologies, and subsequently draft and manage the implementation of corresponding policies, procedures, controls, and standards to manage technology, privacy, and cybersecurity operations. We then work with clients to make sure that all other required documents are in place, including, but not limited to, an organization chart and an asset inventory. These policies often constitute 60-90% of the work for different assessments and certifications. With a robust IT Governance & Compliance Program in place, you not only reduce operational and regulatory risk, but your company can also rapidly and proactively acquire industry certifications (instead of trying to draft documents after an assessment or certification process is underway). Services in this category include:

Component: Example

Policy: "We will properly maintain our network and assets."

Control Objective: "The organization applies software patches in a timely manner."

Standard: "Systems must be patched within 30 days of the vendor's release date."

Procedure / Control Activity: "Workstations and servers will be patched on [certain day each month] by [assigned team]."

Controls: "A vulnerability management plan is developed and implemented."

Our offerings under this section include, but are not limited to:
  1. Comprehensive Compliance Risk Assessment, Gap Analysis and Remediation Plan
  2. Strategic review, drafting and managed implementation of IT Compliance Documentation
  3. Tabletop Testing (at least once a year) of the Business Continuity, Disaster Recovery, and Incident Response Plans (and any other legally required procedures and operations)
  4. Training Program Development, Implementation, and Management (Virtual Training Program Officer via our staffing services)
  5. Virtual IT Compliance Governance Manager - Keeping policies up to date with laws and internal ops; responding to assessments with the policy library and other docs, etc.