What is a Framework?

A framework is a set of requirements (or rules) that dictate how, and what, must be done to be compliant with that framework.

Here are a few examples:

1. You must use strong passwords 2. Your data must be encrypted 3. There must be no shared logins 4. Your server room must have a lock on the door

SCOPE:

Any medical, practitioner, dentist, insurance company or any other organization that contains, processes, or manages HIPAA

Target Market – Smaller insurance/chiropractors/medical practices that know they need HIPAA but have no idea how compliant they are and what the risk/exposure is.

SCOPE:

Any organization that holds a government contract, or more commonly a sub-contractor, which the contract requires compliance with…

DFARS 252.204-7012 or NIST 800-171. Those are older frameworks (which is why we don’t assess them) but those contractors have been directed to implement the requirements of the CMMC framework.

Target Market – Small to medium businesses that have government contracts that must comply with CMMC, DFARS or NIST 800-171. Many of these businesses have a half ass approach to NIST 800-171 or are simply lying. At some point in time, CMMC will be doing external audits (not to be confused with our assessments). Our assessments will provide a report that shows how ready they are for the upcoming external audit.

Special Note – Our Assessments are not the third-party audit; they are tools that show whether a company will pass the audit.

SCOPE:

Any company that collects personal data (PII) AND has at least one client in the EU. GDPR governs the storage and use of personal data …

for residents of the European Union. Target Market – Any company that has clients in the EU and collects personal data. Probably smaller companies that have not even heard of GDPR.

SCOPE:

Any company that does not operate under one of the defined frameworks in this document but is concerned about active cyber security…

threats or their security posture.

Target Market – Any company whose CEO is aware and/or concerned about his/her company’s cyber security posture and would like to know how vulnerable they are to attack and/or want a risk assessment. We are not looking to actively market “any” company as that tends to be a waste of time. We need to market to companies with a “hook” or message that grabs the attention of someone who is concerned about cyber security.

SCOPE:

Any company that collects personal data (PII) AND has at least one client in the EU. GDPR governs the storage and use of personal data …

for residents of the European Union. Target Market – Any company that has clients in the EU and collects personal data. Probably smaller companies that have not even heard of GDPR.

Get a Free Basic Assessment

Our managed compliance solution:

… will help your business achieve and maintain its data security requirements, help streamline the ongoing compliance processes, and stay up to date with the complex and evolving data protection laws and regulations.