Goal

With NIST and GDPR requirements approaching, our client engaged Percipio early to identify the steps required to achieve compliance. They needed help planning and implementing the new standards and establishing ongoing procedures to maintain compliance, followed by a hand-off of those standards to a newly formed internal compliance group.
Challenges
- NIST was a new requirement and interpreting the standard took significant work
- GDPR reached beyond information technology, so building the standard required broader consensus across the organization
- The timeline was short, with specific deadlines set by regulatory bodies
Expertise + Leadership

Percipio evaluated the current control environment and led the design of the compliance program, prioritizing and implementing key components ahead of the deadlines. We brought an understanding of both the technical environment and the new regulatory requirements, bringing in experts with data privacy and security backgrounds as needed.
We facilitated discussions to identify gaps, evaluate solutions and build consensus on how to address those gaps, and then helped implement and adopt the changes.
We then developed an implementation roadmap that defined who owned each piece and how and when it should be in place, tracking progress throughout to ensure a clean hand-off.
Results

We built awareness at the executive level and across the organization of the compliance requirements and identified the processes they affected. By establishing standards for our client, we eliminated opportunities for non-compliance and improved their business environment to avoid fines, penalties and potential disruptions. We strengthened their controls framework, which makes their processes more reliable and efficient as well as compliant. We formally documented our client's information security policies, standards and guidelines, establishing a solid foundation for ongoing improvement. Our client now also has a formal security incident response plan, including the framework, testing, training, communications, playbook and forms.
“Thank you for the tremendous body of work produced in the past 4 months. This has not only put Leupold in a position of compliance for our military contracts, but also has set the roadmap for a much more robust information security framework.”
- IT Director