Security Frameworks
Are boards, customers, or regulators asking about your security posture?
What security controls should I be adopting and implementing?
How do I know my third-party vendors are focusing on security?
Whether you're struggling to identify or implement the right security requirements for your organization, need to measure your progress or alignment with best-practice standards, or are trying to measure your third-party security risk, we've got you covered. Our Security Frameworks services are focused on providing tangible, meaningful contributions to your program.
Security Framework Assessments and Implementation
NIST or ISO? What is HIPAA? We can help.
No matter where you are in your security framework journey, we can help. Our experience and expertise allow us to frame and right-size your project to amplify value. Whether we're writing your policies and controls or evaluating your organization's existing processes against prescribed standards, we provide the right perspective to ensure you're receiving relevant insights and optimal results.
SOC II Readiness & Reporting
How do you respond to endless surveys and document requests for your security practices?
Has your company signed a contract that requires you to issue a SOC II report?
So many companies CAN produce these attestation reports - all you need is to be registered as a CPA firm. We differentiate ourselves by providing you with a better experience.
You want an auditor or advisor that is reasonable, easy to work with, and has a lens that is broader than pass or fail. We bring experience in helping implement and audit not only SOC II processes and controls, but also in helping security functions build and improve on the concepts covered in the report.
Sarbanes-Oxley 404 Improvement & Testing
How do I achieve SOX compliance?
Why isn't SOX getting easier?
SOX 404 has been around (and has been a big lift!) since the early 2000s. Compliance takes a lot of time and effort, and like referees, you only get attention when something goes wrong. Our goal is to help keep SOX simple and keep you compliant.
We've been auditing SOX since its inception, helping implement, improve, and audit both the business and IT general processes and controls.
You don't need someone to tell you what you should do, then stand back and watch. We get our hands dirty and do whatever work you need, from helping you with your strategy to all the fun of detailed testing and documentation.
"Craft Compliance is very informative about findings and how to resolve those issues."
Bryan P., Director of IT