- NIST compliance was a new requirement, and interpreting the standard took a great deal of work
- GDPR reached beyond information technology, so building the standard required broader consensus across the organization
- The timeline was short, with specific deadlines set by regulatory bodies
- Risk Advisory
- Technology Leadership
- Strategy & Execution
- People & Change
Percipio evaluated the current control environment and led the design of the compliance program, prioritizing and implementing the key components before the deadlines. We brought an understanding of both the technology environment and the regulatory requirements, which were new to the client, and drew on experts with data privacy and security backgrounds as needed.
We facilitated discussions to identify gaps, evaluate solutions and build consensus on how to address those gaps, and then helped implement and adopt the changes.
We then developed an implementation roadmap that defined who owned each piece and how and when it should be in place, and we tracked progress along the way to ensure a clean handoff.
We built awareness at the executive level and across the organization of the requirements for compliance and identified the processes that were impacted.
By setting up our client with standards, we eliminated opportunities for non-compliance and improved their business environment to avoid fines, penalties and potential disruptions.
We strengthened their control framework, which makes their processes more reliable and efficient in addition to being compliant. Our client now also has a formal security incident response plan, including the framework, testing, training, communications, playbook and forms.
“Thank you for the tremendous body of work produced in the past 4 months. This has not only put Leupold in a position of compliance for our military contracts, but also has set the roadmap for a much more robust information security framework.”